MikroTik RouterOS v6.40.9 [bugfix] publicado
Hace un par de horas que se ha publicado un nuevo release de la rama bugfix v6.40.9 con importantes arreglos a nivel de seguridad.
Lo que llama la atención de este release, es que por primera vez se mencionan arreglos de varias vulnerabilidades de CVE (CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159), las cuales han sido catalogadas como reservadas. Lo que indica que se la ha encontrado y trabajado en ella, pero no ha sido publicada al publico en general por algún motivo.
La lista de cambios de esta versión es la siguiente:
What's new in 6.40.9 (2018-Aug-20 07:46): MAJOR CHANGES IN v6.40.9: ---------------------- !) security - fixed vulnerabilities CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159; ---------------------- *) certificate - fixed "add-scep" template existence check when signing certificate; *) defconf - fixed wAP LTE kit default configuration; *) ethernet - improved large packet handling on ARM devices with wireless; *) ethernet - removed obsolete slave flag from "/interface vlan" menu; *) filesystem - fixed NAND memory going into read-only mode; *) hotspot - fixed user authentication when queue from old session is not removed yet; *) interface - fixed interface configuration responsiveness; *) ipsec - fixed policies becoming invalid if added after a disabled policy; *) ldp - properly load LDP configuration; *) ppp - fixed "hunged up" grammar to "hung up" within PPP log messages; *) sfp - hide "sfp-wavelength" parameter for RJ45 transceivers; *) snmp - added remote CAP count OID for CAPsMAN; *) supout - added "partitions" section to supout file; *) tile - fixed Ethernet interfaces becoming unresponsive; *) tr069-client - fixed unresponsive tr069 service when blackhole route is present; *) userman - fixed compatibility with PayPal TLS 1.2; *) userman - improved unique username generation process when adding batch of users; *) winbox - added missing "dscp" and "clamp-tcp-mss" settings to IPv6 tunnels; *) winbox - allow to specify full URL in SCEP certificate signing process; *) winbox - by default specify keepalive timeout value for tunnel type interfaces; *) winbox - show firmware upgrade message at the bottom of "System/RouterBOARD" menu; *) winbox - show "scep-url" for certificates; *) winbox - show "sector-writes" on ARM devices that have such counters; *) winbox - show "sector-writes" on devices that have such counters; *) winbox - show "System/Health" only on boards that have health monitoring; *) wireless - added option to disable PMKID for WPA2; *) wireless - enable all chains by default on devices without external antennas after configuration reset; *) wireless - fixed packet processing after removing wireless interface from CAP settings; *) wireless - improved client "channel-width" detection; *) wireless - improved Nv2 PtMP performance; *) wireless - increased stability on hAP ac^2 and cAP ac with legacy data rates; *) wireless - updated "united-states" regulatory domain information; To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download
Puede ser descargado desde el sitio de MikroTik en la sección descargas o desde el Winbox en System > Packges.
