Community discussions

 
User avatar
emils
MikroTik Support
MikroTik Support
Topic Author
Posts: 282
Joined: Thu Dec 11, 2014 8:53 am

v6.42.7 [current] is released!

Mon Aug 20, 2018 9:54 am

RouterOS version 6.42.7 has been released in public "current" channel!

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 6.42.7 (2018-Aug-17 09:48):

MAJOR CHANGES IN v6.42.7:
----------------------
!) security - fixed vulnerabilities CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159;
----------------------


*) bridge - improved bridge port state changing process;
*) crs326/crs328 - fixed untagged packet forwarding through tagged ports when pvid=1;
*) crs3xx - added command that forces fan detection on fan-equipped devices;
*) crs3xx - fixed port disable on CRS326 and CRS328 devices;
*) crs3xx - fixed tagged packet forwarding without VLAN filtering (introduced in 6.42.6);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) dhcpv4-relay - fixed false invalid flag presence;
*) dhcpv6-client - allow to set "default-route-distance";
*) dhcpv6 - improved reliability on IPv6 DHCP services;
*) dhcpv6-server - properly update interface for dynamic DHCPv6 servers;
*) ethernet - improved large packet handling on ARM devices with wireless;
*) ethernet - removed obsolete slave flag from "/interface vlan" menu;
*) ipsec - fixed "sa-src-address" deduction from "src-address" in tunnel mode;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ldp - properly load LDP configuration;
*) led - fixed default LED configuration for RBLHGG-5acD-XL devices;
*) lte - added signal readings under "/interface lte scan" for 3G and GSM modes;
*) lte - fixed memory leak on USB disconnect;
*) lte - fixed SMS send feature when not in LTE network;
*) package - do not allow to install out of bundle package if it already exists within bundle;
*) ppp - fixed interface enabling after a while if none of them where active;
*) sfp - hide "sfp-wavelength" parameter for RJ45 transceivers;
*) tr069-client - fixed unresponsive tr069 service when blackhole route is present;
*) upgrade - fixed RouterOS upgrade process from RouterOS v5;
*) userman - fixed compatibility with PayPal TLS 1.2;
*) vrrp - fixed VRRP packet processing on VirtualBox and VMWare hypervisors;
*) w60g - added distance measurement feature;
*) w60g - fixed random disconnects;
*) w60g - general stability and performance improvements;
*) w60g - improved MCS rate detection process;
*) w60g - improved MTU change handling;
*) w60g - properly close connection with station on disconnect;
*) w60g - stop doing distance measurements after first successful measurement;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - fixed "sfp-connector-type" value presence under "Interface/Ethernet";
*) winbox - fixed warning presence for "IP/IPsec/Peers" menu;
*) winbox - properly display all flags for bridge host entries;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
*) wireless - added option to disable PMKID for WPA2;
*) wireless - fixed memory leak when performing wireless scan on ARM;
*) wireless - fixed packet processing after removing wireless interface from CAP settings;
*) wireless - updated "united-states" regulatory domain information;

To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after some problem has appeared on device

Please keep this forum topic strictly related to this concrete RouterOS release.

If you router has a storage issue (not enough space due to RouterOS, not by other files stored on the device), use package from this link:
https://www.mikrotik.com/download/share/fix_space.npk
- upload package to your router;
- run /system reboot

Other affected installations will be fixed automatically, if there is enough space left for an upgrade by this fix:
"package - free up used storage space consumed by old RouterOS upgrades"
 
markmcn
Frequent Visitor
Frequent Visitor
Posts: 73
Joined: Wed Mar 03, 2010 2:15 am

Re: v6.42.7 [current] is released!

Mon Aug 20, 2018 11:15 am

*) ipsec - fixed "sa-src-address" deduction from "src-address" in tunnel mode;
Can you please share what was the issue and what is the fixed behaviour?
I am using alot of IPSec in 6.42.6 and having no issues, I'm just wondering what has changed before I alter a working environment
Thanks for the great work
 
User avatar
emils
MikroTik Support
MikroTik Support
Topic Author
Posts: 282
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.42.7 [current] is released!

Mon Aug 20, 2018 11:41 am

When adding (or importing) a new IPsec policy it automatically used src-address to calculate sa-src-address if it was not specified in tunnel mode, which is not correct. E.g.
/ip ipsec policy add dst-address=192.168.1.0/24 sa-dst-address=10.155.107.5 sa-src-address=0.0.0.0 src-address=10.155.107.6 tunnel=yes


Created:
 1     src-address=10.155.107.6/32 src-port=any dst-address=192.168.1.0/24 dst-port=any protocol=all action=encrypt level=require ipsec-protocols=esp tunnel=yes sa-src-address=10.155.107.6 sa-dst-address=10.155.107.5 proposal=default ph2-count=0
 
bratislav
newbie
Posts: 49
Joined: Mon May 05, 2014 10:36 am

Re: v6.42.7 [current] is released!

Mon Aug 20, 2018 12:21 pm

Seems that new workaround option:
*) wireless - added option to disable PMKID for WPA2;
Does not prevent users to connect and so far everything works well for us ...
 
markmcn
Frequent Visitor
Frequent Visitor
Posts: 73
Joined: Wed Mar 03, 2010 2:15 am

Re: v6.42.7 [current] is released!

Mon Aug 20, 2018 12:32 pm

Hi Emils,
Thanks for the responce, Am I correct in saying the corrected behaviour is that if the sa-src-address=0.0.0.0 is used, It will now take the ip address of the outbound interface(Interface with the route to the ipsec peer/sa-dst-address)
Thanks
Mark
When adding (or importing) a new IPsec policy it automatically used src-address to calculate sa-src-address if it was not specified in tunnel mode, which is not correct. E.g.
/ip ipsec policy add dst-address=192.168.1.0/24 sa-dst-address=10.155.107.5 sa-src-address=0.0.0.0 src-address=10.155.107.6 tunnel=yes


Created:
 1     src-address=10.155.107.6/32 src-port=any dst-address=192.168.1.0/24 dst-port=any protocol=all action=encrypt level=require ipsec-protocols=esp tunnel=yes sa-src-address=10.155.107.6 sa-dst-address=10.155.107.5 proposal=default ph2-count=0
 
User avatar
emils
MikroTik Support
MikroTik Support
Topic Author
Posts: 282
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.42.7 [current] is released!

Mon Aug 20, 2018 1:35 pm

Yes, that is correct.
 
UpRunTech
Frequent Visitor
Frequent Visitor
Posts: 58
Joined: Fri Jul 27, 2012 12:11 pm

Re: v6.42.7 [current] is released!

Mon Aug 20, 2018 1:54 pm

upgraded RB751-2HnD and RB2011UiAS-2HnD no dramas. I'll be interested in removing the PMKID and see what happens.

edit: removed PMKID and still here so who needs PMKID anyway?
Last edited by UpRunTech on Mon Aug 20, 2018 2:29 pm, edited 3 times in total.
 
R1CH
Forum Veteran
Forum Veteran
Posts: 725
Joined: Sun Oct 01, 2006 11:44 pm

Re: v6.42.7 [current] is released!

Mon Aug 20, 2018 1:57 pm

Upgraded 5 x wAP AC, no issues so far.
 
Kindis
Member Candidate
Member Candidate
Posts: 207
Joined: Tue Nov 01, 2011 6:54 pm

Re: v6.42.7 [current] is released!

Mon Aug 20, 2018 2:07 pm

Upgraded two 3011, one 493G, two CHR and two wAP AC. No issues what so ever. Also disabled PMKID for WPA2 and have no issues so far.
 
Fusionyx
just joined
Posts: 7
Joined: Thu Sep 21, 2017 10:53 pm

Re: v6.42.7 [current] is released!

Mon Aug 20, 2018 2:32 pm

Hi updated a CRS328-24p-4S+ (Arm) from v6.42.6 -> v6.42.7 and all the weird problems are gone for us so far.

We can disable interfaces again without other interface being effected aswell and trunk interfaces toward other switches keep working after the update and reboot.

Thansk for fixing this!

Fusionyx
 
notToNew
Member Candidate
Member Candidate
Posts: 135
Joined: Fri Feb 19, 2016 3:15 pm

Re: v6.42.7 [current] is released!

Mon Aug 20, 2018 2:42 pm

*) wireless - added option to disable PMKID for WPA2;
What is the Capsman-part of this?

EDIT: Sorry, just had to relaoad the config to see it!


Joe
--------------------------------------------------------------------------------------------
CCR1036-12G-4S, several 952Ui-5ac2nD, ...
 
User avatar
rushlife
Frequent Visitor
Frequent Visitor
Posts: 77
Joined: Thu Nov 05, 2015 12:30 pm
Location: czech republic

Re: v6.42.7 [current] is released!

Mon Aug 20, 2018 3:14 pm

upgraded almost 300MK devices today and so far without problem

already done on types :
crs 328 poe
crs 317
crs 125
crs 226
ccr 1009
ccr 1016
ccr 1032
metal 52SHPacn
metal 2SHPn
rb 2011
rb 3011
mAP lite

In late night I must also done upgrade on main-rt CCR1072, I supposing no problem also :-)
 
MonkeyDan
Frequent Visitor
Frequent Visitor
Posts: 51
Joined: Fri Dec 29, 2017 8:41 pm

Re: v6.42.7 [current] is released!

Mon Aug 20, 2018 4:58 pm

Does this really fix multipoint Wireless Wire disconnects? I’m reluctant to try as rc56 still had issues.
 
User avatar
Jotne
Forum Veteran
Forum Veteran
Posts: 708
Joined: Sat Dec 24, 2016 11:17 am

Re: v6.42.7 [current] is released!

Mon Aug 20, 2018 6:11 pm

@MonkeyDan
*) wireless - added option to disable PMKID for WPA2;
*) wireless - fixed memory leak when performing wireless scan on ARM;
*) wireless - fixed packet processing after removing wireless interface from CAP settings; 
*) wireless - updated "united-states" regulatory domain information;
This wireless problem has been fixed. If your problem is listed there, it should be ok
.
Use Splunk to monitor your MikroTik Router

MikroTik->Splunk
 
Njumaen
newbie
Posts: 34
Joined: Wed Feb 24, 2016 8:41 pm

Re: v6.42.7 [current] is released!

Mon Aug 20, 2018 7:52 pm

*) wireless - added option to disable PMKID for WPA2;
Even in CAPsMAN! \o/

Great Job!

Ralf.
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 1045
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa
Contact:

Re: v6.42.7 [current] is released!

Mon Aug 20, 2018 8:11 pm

upgraded almost 300MK devices today and so far without problem
...

Wow, you are brave :-)
MTCNA, MTCTCE, MTCRE & MTCINE
 
User avatar
rushlife
Frequent Visitor
Frequent Visitor
Posts: 77
Joined: Thu Nov 05, 2015 12:30 pm
Location: czech republic

Re: v6.42.7 [current] is released!

Mon Aug 20, 2018 8:43 pm

upgraded almost 300MK devices today and so far without problem
...

Wow, you are brave :-)
or stupid.. :D

no, really, I have lack of bad experiences... :D
 
MonkeyDan
Frequent Visitor
Frequent Visitor
Posts: 51
Joined: Fri Dec 29, 2017 8:41 pm

Re: v6.42.7 [current] is released!

Mon Aug 20, 2018 8:50 pm

That's for WiFi. WiGig changes are under w60, which yes, they said they were fixed, but I've seen plenty of current and rc releases where that wasn't the case.
I decided to gave 6.42.7 a go on a 2 station multipoint setup, and while the links flapped for 10 minutes, they've been stable ever since. Hopefully it stays this way for a very long time :-D
@MonkeyDan
*) wireless - added option to disable PMKID for WPA2;
*) wireless - fixed memory leak when performing wireless scan on ARM;
*) wireless - fixed packet processing after removing wireless interface from CAP settings; 
*) wireless - updated "united-states" regulatory domain information;
This wireless problem has been fixed. If your problem is listed there, it should be ok
 
eddieb
Frequent Visitor
Frequent Visitor
Posts: 93
Joined: Thu Aug 28, 2014 10:53 am
Location: Netherlands

Re: v6.42.7 [current] is released!

Mon Aug 20, 2018 9:07 pm

Upgraded without problems ..

CRS125
CHR + Dude
RB750
RB951
RB962 (9x)
RB1100
RB2011 (2 IPSEC tunnels)
 
pe1chl
Forum Guru
Forum Guru
Posts: 4868
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.42.7 [current] is released!

Mon Aug 20, 2018 9:32 pm

upgraded almost 300MK devices today and so far without problem
...
Wow, you are brave :-)
Just wanted to comment the same.... upgrading 300 devices on the day of release, wow!
He deserves the prize for most valuable beta tester!
 
pe1chl
Forum Guru
Forum Guru
Posts: 4868
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.42.7 [current] is released!

Mon Aug 20, 2018 9:35 pm

upgraded almost 300MK devices today and so far without problem
...
Wow, you are brave :-)
or stupid.. :D

no, really, I have lack of bad experiences... :D
I once painted myself in the corner by upgrading 2 CCR1009 routers before noticing that further upgrades were impossible due to reduced diskspace, and now I am a little more careful because it took a lot of convincing on the forum before a fix package was released that would solve the problem without doing netinstall... and even that I installed too quickly on one of them. (getting rescued only by the fallback to second partition)
 
dadoremix
Frequent Visitor
Frequent Visitor
Posts: 98
Joined: Sat May 14, 2011 11:31 am

Re: v6.42.7 [current] is released!

Mon Aug 20, 2018 10:54 pm

upgraded almost 300MK devices today and so far without problem

already done on types :
crs 328 poe
crs 317
crs 125
crs 226
ccr 1009
ccr 1016
ccr 1032
metal 52SHPacn
metal 2SHPn
rb 2011
rb 3011
mAP lite

In late night I must also done upgrade on main-rt CCR1072, I supposing no problem also :-)
How did you upgrade 300 devices?
Script / tool? Or manual 1 by 1 ?
 
mkx
Forum Guru
Forum Guru
Posts: 1038
Joined: Thu Mar 03, 2016 10:23 pm

Re: v6.42.7 [current] is released!

Mon Aug 20, 2018 11:15 pm

How did you upgrade 300 devices?
Script / tool? Or manual 1 by 1 ?
I'm guessing Dude and/or CapsMan.
BR,
Metod
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 1626
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: v6.42.7 [current] is released!

Tue Aug 21, 2018 8:37 am

Could we expect 6.40.9 ?
Real admins use real keyboards.
 
bjornr
just joined
Posts: 23
Joined: Thu Apr 16, 2015 11:00 am

Re: v6.42.7 [current] is released!

Tue Aug 21, 2018 8:43 am

After upgrading to 6.42.7, my CRS328-24P-4S+ logs increased CPU temperature from SNMP readouts. The attached graph shows a significant change in CPU temperature after upgrading (at around 23:00). The switch's CPU load (also from SNMP) has not increased.

Were there any changes to the SNMP output for this unit, not mentioned in the changelog? It could look like the temperature of the board was previously listed as CPU temperature.

CRS328-24P-4S+-after-upgrade.png
You do not have the required permissions to view the files attached to this post.
 
John39
just joined
Posts: 21
Joined: Mon Aug 08, 2016 11:17 pm

Re: v6.42.7 [current] is released!

Tue Aug 21, 2018 11:14 am

After the update, cloud stopped working for me. Ip address is updated in cloud, and if ping is done, the answer comes from the old address. If you install RC, the problem immediately goes away. I had to switch to the script.
You do not have the required permissions to view the files attached to this post.
Last edited by John39 on Tue Aug 21, 2018 11:41 am, edited 1 time in total.
 
User avatar
rushlife
Frequent Visitor
Frequent Visitor
Posts: 77
Joined: Thu Nov 05, 2015 12:30 pm
Location: czech republic

Re: v6.42.7 [current] is released!

Tue Aug 21, 2018 11:27 am


How did you upgrade 300 devices?
Script / tool? Or manual 1 by 1 ?
Hi, I have linux (ubuntu server) with bash script ( which I made myself ) to upgrade all of it.
 
ofer
newbie
Posts: 32
Joined: Wed May 23, 2018 11:45 am

Re: v6.42.7 [current] is released!

Tue Aug 21, 2018 11:31 am

Upgraded 3 x HAP AC, no issues so far.
Update: I disabled PMKID on the units, no issues as well.

Thanks!
Last edited by ofer on Wed Aug 22, 2018 2:23 pm, edited 2 times in total.
 
John39
just joined
Posts: 21
Joined: Mon Aug 08, 2016 11:17 pm

Re: v6.42.7 [current] is released!

Tue Aug 21, 2018 11:40 am

Forgot to specify the model hap ac2.
The time between updating the cloud and checking ping was about 1 hour.
 
markmcn
Frequent Visitor
Frequent Visitor
Posts: 73
Joined: Wed Mar 03, 2010 2:15 am

Re: v6.42.7 [current] is released!

Tue Aug 21, 2018 12:03 pm

I upgraded a RB1100 AH4 last night, It mostly went ok,
The only issue was on reboot none of the ipsec tunnel came back, when I checked IPSec packets weren't even leaving as claimed to be trying to establish!! A second reboot and all the tunnels came up.
The take away being if you depend on IPSec to access the device maybe have a backup plan in this case
 
Njumaen
newbie
Posts: 34
Joined: Wed Feb 24, 2016 8:41 pm

Re: v6.42.7 [current] is released!

Tue Aug 21, 2018 12:37 pm

*) crs3xx - fixed tagged packet forwarding without VLAN filtering (introduced in 6.42.6);
This really drove me crazy on my CRS328-24P-4S+ :? Thanks for fixing!
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 1045
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa
Contact:

Re: v6.42.7 [current] is released!

Tue Aug 21, 2018 1:41 pm

After upgrading to 6.42.7, my CRS328-24P-4S+ logs increased CPU temperature from SNMP readouts. The attached graph shows a significant change in CPU temperature after upgrading (at around 23:00). The switch's CPU load (also from SNMP) has not increased.

Were there any changes to the SNMP output for this unit, not mentioned in the changelog? It could look like the temperature of the board was previously listed as CPU temperature.


CRS328-24P-4S+-after-upgrade.png

CRS326-24G-2S+ also seems to be running high temp's, cant say what it was before as it is a new installation done last night, has 6.42.7 installed last night
This is in an air conditioned server room
CRS326-24G-2S+ Temp.JPG
You do not have the required permissions to view the files attached to this post.
MTCNA, MTCTCE, MTCRE & MTCINE
 
User avatar
rushlife
Frequent Visitor
Frequent Visitor
Posts: 77
Joined: Thu Nov 05, 2015 12:30 pm
Location: czech republic

Re: v6.42.7 [current] is released!

Tue Aug 21, 2018 2:50 pm

I will take a look on this too.

edit : no change imho
 
Paternot
Member
Member
Posts: 444
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: v6.42.7 [current] is released!

Tue Aug 21, 2018 5:01 pm

Upgraded one RB750Gr3 and three hAP ac lite. All working: IPsec and OpenVpn (server, RB750Gr3), BGP (small table, internal), PPPoE and wireless (802.11ac/n).
 
bjornr
just joined
Posts: 23
Joined: Thu Apr 16, 2015 11:00 am

Re: v6.42.7 [current] is released!

Tue Aug 21, 2018 5:29 pm

After upgrading to 6.42.7, my CRS328-24P-4S+ logs increased CPU temperature from SNMP readouts. [...]

Tried downgrading to 6.42.6, and CPU temperature is shown as 8-10 degrees lower than with 6.42.7 - both in System -> Health and with SNMP.


6.42.7 before downgrade:
6.42.7.before.png

Downgraded to 6.42.6:
6.42.6.png

Back to 6.42.7 after upgrading again:
6.42.7.after.png
You do not have the required permissions to view the files attached to this post.
 
User avatar
juliokato
Member Candidate
Member Candidate
Posts: 223
Joined: Mon Oct 26, 2015 4:27 pm
Location: Brazil

Re: v6.42.7 [current] is released!

Tue Aug 21, 2018 7:27 pm

Why did 2 fans appear in the last print?
I apologize my grammatical errors, my english not so good, I am not a native speaker.
Wiki is maintained in English. I use Google translator. 8)
 
bjornr
just joined
Posts: 23
Joined: Thu Apr 16, 2015 11:00 am

Re: v6.42.7 [current] is released!

Tue Aug 21, 2018 7:55 pm

Why did 2 fans appear in the last print?
For some reason, fan speed is only shown in "System Health" when the fans are running. So during the last screenshot the fans were running, but in the other two the fans were off.

A curious side effect of this is that (at least with Linux and Wine) the "System Health" window will grow bigger when the two fan speeds are shown, and go back to a smaller window when the fans don't run - so the window will not only change size multiple times, but also change its position in Winbox. After some time, I will usually find the "System Health" window in the upper left corner of Winbox :-)
 
anav
Forum Guru
Forum Guru
Posts: 1144
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: v6.42.7 [current] is released!

Tue Aug 21, 2018 9:56 pm

upgraded almost 300MK devices today and so far without problem
...

Wow, you are brave :-)
The irony!!
I just want to point that you have now truly earned your nick as CZFAN. ;-)
(seeing as rushlife is from CZech land).
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 1045
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa
Contact:

Re: v6.42.7 [current] is released!

Wed Aug 22, 2018 12:09 am

Anav, welcome back, been a while since I last saw a post from you.

FYI, my nick name is based on a well known product from Czech Republic
MTCNA, MTCTCE, MTCRE & MTCINE
 
upnort
just joined
Posts: 19
Joined: Wed Aug 15, 2018 2:03 am

Re: v6.42.7 [current] is released!

Wed Aug 22, 2018 6:36 am

Hi, I have linux (ubuntu server) with bash script ( which I made myself ) to upgrade all of it.
Linux user here. Please, please share the script! :D
 
User avatar
rushlife
Frequent Visitor
Frequent Visitor
Posts: 77
Joined: Thu Nov 05, 2015 12:30 pm
Location: czech republic

Re: v6.42.7 [current] is released!

Wed Aug 22, 2018 9:17 am

enjoy
You do not have the required permissions to view the files attached to this post.
 
Kraken2k
Frequent Visitor
Frequent Visitor
Posts: 51
Joined: Wed Oct 01, 2014 1:50 pm
Location: Prague

Re: v6.42.7 [current] is released!

Wed Aug 22, 2018 11:16 am

Upgraded RB2011, no issues so far.
FYI, my nick name is based on a well known product from Czech Republic
Yeah... your avatar is pretty self-explaining.
 
User avatar
Jotne
Forum Veteran
Forum Veteran
Posts: 708
Joined: Sat Dec 24, 2016 11:17 am

Re: v6.42.7 [current] is released!

Wed Aug 22, 2018 2:37 pm

Found a smal bug that should be fixed.

In GUI name "Tools" is used.
In CLI it is used "tool"

Using same name helps to navigate when using both interface CLI and GUI

Other strange thing.
In GUI Bridge has its own main menu.
In CLI its under Interface/Bridge
Why these differences?`
.
Use Splunk to monitor your MikroTik Router

MikroTik->Splunk
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5702
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v6.42.7 [current] is released!

Wed Aug 22, 2018 2:49 pm

There are some GUI differences for ease of use. It is not v6.42.7 specific.
 
pe1chl
Forum Guru
Forum Guru
Posts: 4868
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.42.7 [current] is released!

Wed Aug 22, 2018 2:51 pm

Is there any indication of the attack surface of "vulnerabilities CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159"?
What kind of installations would be directly at risk and require quick updates?
(e.g. admin service ports open on internet, certain types of VPN service open on internet, any configuration with internet connection, etc)
 
k3dt
newbie
Posts: 28
Joined: Tue Jul 17, 2007 3:37 pm
Location: Czech Republic

Re: v6.42.7 [current] is released!

Wed Aug 22, 2018 2:53 pm

Can you provide some more informations about fixed vulnerabilities? eg. how critical are? thanks
 
User avatar
Jotne
Forum Veteran
Forum Veteran
Posts: 708
Joined: Sat Dec 24, 2016 11:17 am

Re: v6.42.7 [current] is released!

Wed Aug 22, 2018 3:29 pm

There are some GUI differences for ease of use. It is not v6.42.7 specific.
Posted in wrong thread, should be in the Winbox thread.
PS it does not make it simpler to not have equal name and stricture.
.
Use Splunk to monitor your MikroTik Router

MikroTik->Splunk
 
soomanyquestions
newbie
Posts: 32
Joined: Sat Aug 20, 2016 6:35 pm

Re: v6.42.7 [current] is released!

Wed Aug 22, 2018 4:39 pm

Is there any indication of the attack surface of "vulnerabilities CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159"?
What kind of installations would be directly at risk and require quick updates?
(e.g. admin service ports open on internet, certain types of VPN service open on internet, any configuration with internet connection, etc)
This would be really nice to know!
 
User avatar
emils
MikroTik Support
MikroTik Support
Topic Author
Posts: 282
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.42.7 [current] is released!

Wed Aug 22, 2018 4:44 pm

We will publish official blog post soon with more detailed information about the fixed vulnerabilities.
 
R1CH
Forum Veteran
Forum Veteran
Posts: 725
Joined: Sun Oct 01, 2006 11:44 pm

Re: v6.42.7 [current] is released!

Wed Aug 22, 2018 6:39 pm

Were these security fixes stealthily added to the v6.42.7 patch notes? I don't recall seeing them there before and I didn't update since it didn't look like a necessary update. It's very bad that details aren't available even though the fixed version is published. It doesn't take much effort to compare the 6.42.6 vs 6.42.7 binaries and figure out where the exploits were and start attacking them. Hopefully this is just a fix of long standing security bugs like lack of certificate validation in numerous places.

Who is online

Users browsing this forum: NEOhidra, Neski and 10 guests