RouterOSをアップデート 6.42.6→6.42.7

Mikrotik RouterOSをアップデートした記録 6.42.6→6.42.7



MikroTik Routers and Wireless – Software

What's new in 6.42.7 (2018-Aug-17 09:48):

!) security - fixed vulnerabilities CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159;

*) bridge - improved bridge port state changing process;
*) crs326/crs328 - fixed untagged packet forwarding through tagged ports when pvid=1; 
*) crs3xx - added command that forces fan detection on fan-equipped devices; 
*) crs3xx - fixed port disable on CRS326 and CRS328 devices; 
*) crs3xx - fixed tagged packet forwarding without VLAN filtering (introduced in 6.42.6);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified; 
*) dhcpv4-relay - fixed false invalid flag presence;
*) dhcpv6-client - allow to set "default-route-distance";
*) dhcpv6 - improved reliability on IPv6 DHCP services; 
*) dhcpv6-server - properly update interface for dynamic DHCPv6 servers;
*) ethernet - improved large packet handling on ARM devices with wireless;
*) ethernet - removed obsolete slave flag from "/interface vlan" menu;
*) ipsec - fixed "sa-src-address" deduction from "src-address" in tunnel mode;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled; 
*) ldp - properly load LDP configuration; 
*) led - fixed default LED configuration for RBLHGG-5acD-XL devices; 
*) lte - added signal readings under "/interface lte scan" for 3G and GSM modes; 
*) lte - fixed memory leak on USB disconnect; 
*) lte - fixed SMS send feature when not in LTE network;
*) package - do not allow to install out of bundle package if it already exists within bundle;
*) ppp - fixed interface enabling after a while if none of them where active;
*) sfp - hide "sfp-wavelength" parameter for RJ45 transceivers; 
*) tr069-client - fixed unresponsive tr069 service when blackhole route is present;
*) upgrade - fixed RouterOS upgrade process from RouterOS v5; 
*) userman - fixed compatibility with PayPal TLS 1.2;
*) vrrp - fixed VRRP packet processing on VirtualBox and VMWare hypervisors;
*) w60g - added distance measurement feature;
*) w60g - fixed random disconnects;
*) w60g - general stability and performance improvements;
*) w60g - improved MCS rate detection process;
*) w60g - improved MTU change handling;
*) w60g - properly close connection with station on disconnect;
*) w60g - stop doing distance measurements after first successful measurement;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - fixed "sfp-connector-type" value presence under "Interface/Ethernet";
*) winbox - fixed warning presence for "IP/IPsec/Peers" menu;
*) winbox - properly display all flags for bridge host entries;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
*) wireless - added option to disable PMKID for WPA2;
*) wireless - fixed memory leak when performing wireless scan on ARM;
*) wireless - fixed packet processing after removing wireless interface from CAP settings; 
*) wireless - updated "united-states" regulatory domain information;



2018/08/22 追記
CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159が
CVE IDで検索しても現時点ではまだ情報公開されていませんでしたので

2018/08/23 追記
CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159の詳細が出てました

MikroTik blog – Security issues discovered by Tenable

CVE-2018-1156: An authenticated user can trigger a stack buffer overflow.
CVE-2018-1157: File upload memory exhaustion. An authenticated user can cause the www binary to consume all memory.
CVE-2018-1158: Recursive JSON parsing stack exhaustion, which could allow an authenticated user to cause crash of the www service.
CVE-2018-1159: www memory corruption, if connections are initiated and not properly cleaned up then a heap corruption occurs in www.




System→PackagesでPackage Listを開いて左上の「Check For Updates」を選択


再起動後にPackage ListにてVersionが6.42.7になっているのを確認


Upgrade Firmwareが6.42.7になっているのを確認して「Upgrade」ボタンを選択

”Firmware upgraded successfully. please reboot for changes to take effect!”

再起動後にSystem→RouterboardにてCurrent Firmwareが6.42.7になっているのを確認