MikroTik RouterOS v6.40.8, v6.42.1, v6.43rc4 publicados

Debido a la reciente vulnerabilidad detectada por MikroTik en su sistema operativo RouterOS, es que se ha publicado para todas las ramas,  el arreglo a dicha vulnerabilidad.

Esto era algo esperado por muchos usuarios debido a que hasta ayer MikroTik recomendaba actualizar a la v6.41.2 para solucionar el problema, pero estaba dando ciertos problemas dicha actualización en algunas configuraciones con Bridge.

Hoy está disponible para la rama bugfix only, por lo tanto se puede actualizar para solucionar la vulnerabilidad y seguir utilizando la configuración sin perder o romper la misma.

Para la versión v6.40.8 el changelog es:

What''s new in 6.40.8 (2018-Apr-23 11:34):

!) winbox - fixed vulnerability that allowed to gain access to an unsecured router;
*) certificate - fixed incorrect SCEP URL after an upgrade;
*) health - fixed empty measurements on CRS328-24P-4S+RM;
*) ike2 - use "policy-template-group" parameter when picking proposal as initiator;
*) ipv6 - fixed IPv6 behaviour when bridge port leaves bridge;
*) routerboard - fixed "mode-button" support on hAP lite r2 devices;
*) ssh - fixed SSH service becoming unavailable;
*) traffic-flow - fixed IPv6 destination address value when IPFIX protocol is used;
*) winbox - show "Switch" menu on cAP ac devices;
*) wireless - improved compatibility with BCM chipset devices;

Para versión v6.43rc4:

!) winbox - fixed vulnerability that allowed to gain access to an unsecured router;
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;

Para v6.42.1:

!) winbox - fixed vulnerability that allowed to gain access to an unsecured router;
*) bridge - fixed hardware offloading for MMIPS and PPC devices;
*) bridge - fixed LLDP packet receiving;
*) crs3xx - fixed failing connections through bonding in bridge;
*) ike2 - use "policy-template-group" parameter when picking proposal as initiator;
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) led - improved w60g alignment trigger;
*) lte - allow to send "at-chat" command over disabled LTE interface;
*) routerboard - fixed "mode-button" support on hAP lite r2 devices;
*) w60g - allow to manually set "tx-sector" value;
*) w60g - fixed incorrect RSSI readings;
*) w60g - show phy rate on "/interface w60g monitor" (CLI only);
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on cAP ac devices;
*) winbox - show correct "Switch" menus on CRS328-24P-4S+;
*) wireless - improved compatibility with BCM chipset devices;

Puede ser descargado desde el sitio de MikroTik en la sección descargas o desde el Winbox en System > Packges.