Jump to content
Калькуляторы

6.44.5 выпущена: вот теперь можно обновляться

RouterOS version 6.44.5 has been released in public "long-term" channel!

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 6.44.5 (2019-Jul-04 10:32):

MAJOR CHANGES IN v6.44.5:
----------------------
!) security - fixed vulnerabilities CVE-2018-1157, CVE-2018-1158;
!) security - fixed vulnerabilities CVE-2019-11477, CVE-2019-11478, CVE-2019-11479;
!) security - fixed vulnerability CVE-2019-13074;
----------------------

Changes in this release:

*) bridge - correctly handle bridge host table;
*) capsman - fixed CAP system upgrading process for MMIPS;
*) capsman - fixed interface-list usage in access list;
*) certificate - removed "set-ca-passphrase" parameter;
*) cloud - properly stop "time-zone-autodetect" after disable;
*) conntrack - fixed GRE protocol packet connection-state matching (CVE-2014-8160);
*) defconf - automatically set "installation" parameter for outdoor devices;
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - fixed dynamic IPv6 binding without proper reference to the server;
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - fixed CDP packets not including address on slave ports (introduced in v6.44);
*) e-mail - properly release e-mail sending session if the server's domain name can not be resolved;
*) firewall - fixed fragmented packet processing when only RAW firewall is configured;
*) firewall - process packets by firewall when accepted by RAW with disabled connection tracking;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ipv6 - improved system stability when receiving bogus packets;
*) ovpn - added "verify-server-certificate" parameter for OVPN client (CVE-2018-10066);
*) rb3011 - improved system stability when receiving bogus packets;
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) snmp - improved reliability on SNMP service packet validation;
*) ssh - fixed non-interactive multiple command execution;
*) supout - added IPv6 ND section to supout file;
*) supout - added "pwr-line" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) winbox - do not allow setting "dns-lookup-interval" to "0";
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - updated "china" regulatory domain information;
*) www - improved client-initiated renegotiation within the SSL and TLS protocols (CVE-2011-1473);
 

Share this post


Link to post
Share on other sites

Обратите внимание на 

*) conntrack - fixed GRE protocol packet connection-state matching (CVE-2014-8160);
 

Теперь обязательно нужны правила, разрешающие GRE, иначе туннели, использующие этот протокол, не будут работать.

 

Share this post


Link to post
Share on other sites

В 09.07.2019 в 15:58, McSea сказал:

Обратите внимание на 

*) conntrack - fixed GRE protocol packet connection-state matching (CVE-2014-8160);
 

Теперь обязательно нужны правила, разрешающие GRE, иначе туннели, использующие этот протокол, не будут работать.

 

Кстате у кого pptp клиент достаточно будет в /ip firewall service-port включить pptp, ну или прокидывать gre
 

 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.