Hi Dormando, Thanks for asking this question. I manually looked at the patches that went in memcached 1.4.17 and looked at the code in memcached 1.6.0beta. The 4 issues that we were interested in (CVE-2013-7239 CVE-2013-7291 CVE-2013-7290 CVE-2013-0179) is already fixed in memcached 1.6.0beta. We were especially worried about https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7239 (memcached: SASL authentication allows wrong credentials to access memcache). I think memcached 1.6.0beta is not affected.
Thank you for your help. Rgds, anna On Tuesday, 4 March 2014 11:15:54 UTC+5:30, Dormando wrote: > > Have you tested to be sure the security fixes even affect 1.6.0? The code > was significantly rewritten and I'm unsure if it is even affected. > > On Mon, 3 Mar 2014, அண்ணாமலை குருசாமி wrote: > > > Hi Dormando, > > Thanks for your response. Currently MySQL provides a memcached > interface using InnoDB as a storage engine. We are using memcached > 1.6.0beta and > > are dependent on the storage engine interface. But memcached 1.4.17 has > some security fixes which memcached 1.6.0beta is not having. So we are in > > trouble. Either we need to get the security fixes for memcached > 1.6.0beta or we need to downgrade to 1.4.17. Since memcached 1.4 series > does not > > have storage engine interface, we might not be able to downgrade to > memcached 1.4.17. Any idea when memcached 1.6.0 will become GA? Or are > there > > any plans to provide security fixes for memcached 1.6.0beta? > > Looking forward to your reponse. > > > > Rgds, > > anna > > > > > > On Saturday, 1 March 2014 03:44:40 UTC+5:30, Dormando wrote: > > The storage engine interface is not available in the 1.4 series. > > > > On Fri, 28 Feb 2014, அண்ணாமலை குருசாமி wrote: > > > > > Hi All, > > > Does memcached 1.4.17 have the storage engine interface? Can > anyone confirm this? Is the storage engine interface available only in > > 1.6 series? > > > Is it not available in 1.4 series? > > > > > > http://code.google.com/p/memcached/wiki/EngineInterface > > > > > > Thank you. > > > > > > Rgds, > > > anna > > > > > > -- > > > > > > --- > > > You received this message because you are subscribed to the > Google Groups "memcached" group. > > > To unsubscribe from this group and stop receiving emails from > it, send an email to [email protected]. > > > For more options, visit https://groups.google.com/groups/opt_out. > > > > > > > > > > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups "memcached" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to [email protected] <javascript:>. > > For more options, visit https://groups.google.com/groups/opt_out. > > > > -- --- You received this message because you are subscribed to the Google Groups "memcached" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
