I have 6.43.14 installed on a hAP ac lite (64Mb RAM), and it is still vulnerable. Ticket#2019040222005195 and Ticket#2019032922005182
It is an upgrade problem because of no free space on the router, not related to this thread at all.
I'm hearing reports that this isn't fixed on routers with 64Mb or less of RAM. Is your ticket about this, eben? Or something else? :-|
This is far from over.
Please refer to ticket 2019040422005244 and advise.
Attacked both, and both releases fix CVE-2018-19299. Fantastic news — but now the hard work for all us network operators begins:
Fixed also in long-term - 6.43.14
and Current - 6.44.2
That's very kind, but after we've all got the patch in longterm and stable, I want to know how I can mail order a crate of beer to MikroTik's offices to say thank you for getting this fixed.
Also, send @maznu a present/gift/bounty/4011. He sure as hell earned it.
CVE-2018-19299 is not fixed in 6.45beta22, I am afraid.
For those who won't notice it otherwise: MT just announced a ROS 6.45 beta version which includes a fix for these two issues.
Hopefully the fix will land in other (stable and long term) branches shortly.
Second "bug" was acknowledged by MikroTik on 2018-04-20.
So all this "close to year" shouting is an overestimation. So I suggest to keep calm and wait for the release, as MikroTik admitted the 2nd CVE as a vulnerability.
That is very welcome news, normis.
We aim to fix the issue before the mentioned publication date.
If you cannot route IPv6 packets, you should be safe.
I also would like to know this.
If you just have the package enabled and absolutely no configuration from an IPv6 perspective, are you okay?
Happens with IPv6 set to NOTRACK. It's not tracking causing this.
As Normis already wrote, these are not really bugs but you are merely exhausting the capacity of the router, either for IPv6 ND or for IPv6 connection tracking.
Glad to hear it, coz you're one of the speakers ;-)
definitely there Monday
I guess we keep on waiting, and hoping...
Unfortunately, the problem is not resolved yet. I also cannot give you any ETA for such fixes.
When the problem is resolved, the RouterOS release notes will include a description of the fix.
Excellent news - and good luck, MikroTik team!
"We will test this scenario."
https://mum.mikrotik.com/presentations/ ... 914661.pdf
So, any news?
For what it's worth, I've raised this with MikroTik support, Ticket#2018040822000592.
Start laughing or crying at that point because your HEX is rebooting. Yes, rebooting. Target a Cisco 1841 w/15.0 code and default settings ... nothing happens.
Hoping this will be coming to the CRS317 (and others) at the same time…?
The CRS326 Link Aggregation without CPU utilization in RouterOS is planned in the near future.
Normis: is there any news on the super special MPLS features on this chipset that you hinted about in January…?
Maybe not yet in stock. So just email a few of them to find out.
Stealth release :-)
Already available! Suggested price is $399 and yes, it can forward 160Gb/s wire speed. Search Google for the part number and you can find that some distributors have it on their web page; if not, ask them.
Mostly they're just "good" 80km optics with some extra Forward Error Correction thrown in. :-)
100km? I have never heard that the DWDM SFP+ can reach up to 100 km. How is it possible?
Spoiler alert: Trump gets impeached!
About the WireGuard idea, are you a time traveller writing to us from the future? :)
+1, cannot confirm. Haven't had any phone calls about reachability problems.
That would be a completely different bug, and I cannot confirm it.
Maybe it is a fasttrack or route cache bug. That could be. I don't use those features.
Ahhhh, that's the bit I didn't grok. I'd only ever encountered reverse path filtering in a strict sense as part of a poor-man's BCP38. Ok, that's interesting.
With RP Filter set to loose it should.