I have 6.43.14 installed on a hAP ac lite (64Mb RAM), and it is still vulnerable. Ticket#2019040222005195 and Ticket#2019032922005182It is an upgrade problem because of no free space on the router, not related to this thread at all.
I'm hearing reports that this isn't fixed on routers with 64Mb or less of RAM. Is your ticket about this, eben? Or something else? :-|This is far from over.
Please refer to ticket 2019040422005244 and advise.
Attacked both, and both releases fix CVE-2018-19299. Fantastic news — but now the hard work for all us network operators begins:Fixel also in long-term - 6.43.14
and Current - 6.44.2
That's very kind, but after we've all got the patch in longterm and stable, I want to know how I can mail order a crate of beer to MikroTik's offices to say thank you for getting this fixed.Also, send @maznu a present/gift/bounty/4011. He sure as hell earned it.
CVE-2018-19299 is not fixed in 6.45beta22, I am afraid.For those who won't notice it otherwise: MT just announced ROS 6.45 beta version which includes fix for these two issues.
Hopefully fix will land in other (stable and long term) branches shortly.
Second "bug" was acknowledged by MikroTik on 2018-04-20.So all this "close to year" shouting is overestimation. So i suggest to keep calm and wait for release, as MikroTik admitted 2nd CVE as vulnerability.
That is very welcome news, normis.We aim to fix the issue before the mentioned publication date.
If you cannot route IPv6 packets, you should be safe.I also would like to know this.If you just have the package enabled and absolutely no configuration from an IPv6 perspective are you okay?