MikroTik RouterOS v6.40.9 [bugfix] publicado

Hace un par de horas que se ha publicado un nuevo release de la rama bugfix v6.40.9 con importantes arreglos a nivel de seguridad.

Lo que llama la atención de este release, es que por primera vez se mencionan arreglos de varias vulnerabilidades de CVE (CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159), las cuales han sido catalogadas como reservadas. Lo que indica que se la ha encontrado y trabajado en ella, pero no ha sido publicada al publico en general por algún motivo.

La lista de cambios de esta versión es la siguiente:

What's new in 6.40.9 (2018-Aug-20 07:46):

!) security - fixed vulnerabilities CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159;

*) certificate - fixed "add-scep" template existence check when signing certificate;
*) defconf - fixed wAP LTE kit default configuration;
*) ethernet - improved large packet handling on ARM devices with wireless;
*) ethernet - removed obsolete slave flag from "/interface vlan" menu;
*) filesystem - fixed NAND memory going into read-only mode;
*) hotspot - fixed user authentication when queue from old session is not removed yet;
*) interface - fixed interface configuration responsiveness;
*) ipsec - fixed policies becoming invalid if added after a disabled policy;
*) ldp - properly load LDP configuration;
*) ppp - fixed "hunged up" grammar to "hung up" within PPP log messages;
*) sfp - hide "sfp-wavelength" parameter for RJ45 transceivers;
*) snmp - added remote CAP count OID for CAPsMAN;
*) supout - added "partitions" section to supout file;
*) tile - fixed Ethernet interfaces becoming unresponsive;
*) tr069-client - fixed unresponsive tr069 service when blackhole route is present;
*) userman - fixed compatibility with PayPal TLS 1.2;
*) userman - improved unique username generation process when adding batch of users;
*) winbox - added missing "dscp" and "clamp-tcp-mss" settings to IPv6 tunnels;
*) winbox - allow to specify full URL in SCEP certificate signing process;
*) winbox - by default specify keepalive timeout value for tunnel type interfaces;
*) winbox - show firmware upgrade message at the bottom of "System/RouterBOARD" menu;
*) winbox - show "scep-url" for certificates;
*) winbox - show "sector-writes" on ARM devices that have such counters;
*) winbox - show "sector-writes" on devices that have such counters;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - added option to disable PMKID for WPA2;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed packet processing after removing wireless interface from CAP settings;
*) wireless - improved client "channel-width" detection;
*) wireless - improved Nv2 PtMP performance;
*) wireless - increased stability on hAP ac^2 and cAP ac with legacy data rates;
*) wireless - updated "united-states" regulatory domain information;

To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

Puede ser descargado desde el sitio de MikroTik en la sección descargas o desde el Winbox en System > Packges.