Importante actualización de RouterOS en ramas long-term y stable
Se han publicado una nueva actualización del RouterOS, tanto en su rama long-term como stable, las cuales aplican mejoras a nivel de seguridad del sistema operativo.
Los diferentes CVE que han sido corregidos, también lo han aplicado diferentes vendors, ya que son generales.
En la rama stable v6.45.7, aparte de los arreglos a nivel de seguridad, también se ha incorporado el soporte de LoRaWAN para las arquitecturas MIPSE, MMIPS y ARM.
La lista de cambios de esta rama es:
What's new in 6.45.7 (2019-Oct-24 08:44): MAJOR CHANGES IN v6.45.7: ---------------------- !) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM; !) package - accept only packages with original filenames (CVE-2019-3976); !) package - improved package signature verification (CVE-2019-3977); !) security - fixed improper handling of DNS responses (CVE-2019-3978, CVE-2019-3979); ---------------------- Changes in this release: *) capsman - fixed frequency setting requiring multiple frequencies; *) capsman - fixed newline character missing on some logging messages; *) conntrack - properly start manually enabled connection tracking; *) crs312 - fixed combo SFP port toggling (introduced in v6.44.5); *) crs3xx - correctly display link rate when 10/100/1000BASE-T SFP modules are used in SFP+ interfaces; *) crs3xx - fixed management access when using switch rule "new-vlan-priority" property; *) export - fixed "bootp-support" parameter export; *) ike2 - fixed phase 1 rekeying (introduced in v6.45); *) led - fixed default LED configuration for RBLHG5nD; *) lte - fixed modem not receiving IP configuration when roaming (introduced in v6.45); *) radius - fixed open socket leak when invalid packet is received (introduced in v6.44); *) sfp - fixed "sfp-rx-power" value for some transceivers; *) snmp - improved reliability on SNMP service packet validation; *) system - improved system stability for devices with AR9342 SoC; *) winbox - show SFP tab for QSFP interfaces; *) wireless - added "canada2" regulatory domain information; *) wireless - improved stability when setting fixed primary and secondary channels on RB4011iGS+5HacQ2HnD-IN;
Con respecto a la rama long-term v6.44.6, la cual solo incluye arreglos mas no nuevas incorporaciones, dispone del siguiente changelog
What's new in 6.44.6 (2019-Oct-24 09:37): MAJOR CHANGES IN v6.44.6: ---------------------- !) package - accept only packages with original filenames (CVE-2019-3976); !) package - improved package signature verification (CVE-2019-3977); !) security - fixed improper handling of DNS responses (CVE-2019-3978, CVE-2019-3979); ---------------------- Changes in this release: *) capsman - fixed frequency setting requiring multiple frequencies; *) capsman - fixed newline character missing on some logging messages; *) ccr - improved packet processing after overloading interface; *) crs312 - fixed combo SFP port toggling (introduced in v6.44.5); *) crs328 - adjust fan speed based on SFP and CPU temperature; *) crs3xx - correctly display link rate when 10/100/1000BASE-T SFP modules are used in SFP+ interfaces; *) crs3xx - fixed management access when using switch rule "new-vlan-priority" property; *) export - fixed "bootp-support" parameter export; *) health - improved fan control on CRS3xx and CCR1016-12S-1S+r2; *) ike2 - fixed policy port selection for responder with natted initiator; *) ike2 - fixed traffic selector address family selection when using IPv6; *) interface - fixed missing PWR-LINE section on PL7411-2nD and PL6411-2nD (introduced v6.44); *) ipsec - allow inline "passphrase" parameter when importing keys; *) ipsec - fixed minor spelling mistakes in logs; *) led - fixed default LED configuration for RBLHG5nD; *) ospf - fixed opaque LSA type checking in OSPFv2; *) ospf - fixed possible busy loop condition when accessing OSPF LSAs; *) ospf - improved "unknown" LSA handling in OSPFv3; *) profile - added "internet-detect" process classificator; *) radius - fixed open socket leak when invalid packet is received (introduced in v6.44); *) sfp - fixed "sfp-rx-power" value for some transceivers; *) smb - improved stability on x86 and CHR; *) snmp - fixed encrypted data sequence (introduced in v6.44.5); *) snmp - improved reliability on SNMP service packet validation; *) ssh - accept remote forwarding requests with empty hostnames; *) ssh - fixed carriage return presence in subsequent sessions; *) ssh - improved remote forwarding handling (introduced in v6.44.3); *) supout - fixed supout file generation outside of internal storage with insufficient space; *) switch - fix port isolation for non-CRS series switch chips; *) system - accept only valid string for "name" parameter in "disk" menu (CVE-2019-15055); *) system - improved system stability for devices with AR9342 SoC; *) upgrade - fixed "auto-upgrade" to use new style authentication; *) upnp - fixed XML parsing (FG-VD-19-110); *) watchdog - renamed "no-ping-delay" parameter to "ping-start-after-boot"; *) winbox - added "auto-erase" parameter to "Tools/SMS" menu; *) winbox - added "https-redirect" parameter to "IP/Hotspot/Profiles menu"; *) winbox - added "revision" parameter to "System/Routerboard" menu; *) winbox - removed "max-sms" parameter from "Tools/SMS" menu; *) wireless - fixed basic rate reporting in snooper; *) wireless - improved 802.11ac stability for all ARM devices with wireless; *) wireless - improved range selection when distance set to "dynamic"; *) wireless - improved stability when setting fixed primary and secondary channels on RB4011iGS+5HacQ2HnD-IN;
Puede ser descargado desde el sitio de MikroTik en la sección descargas o desde el Winbox en System > Packges.
