はじめに
記事のアップロードが遅くなり大変失礼いたしました。先週ですがRouterOSのstableのアップデートが来ておりました。
更新内容
What's new in 6.48.3 (2021-May-25 06:09): MAJOR CHANGES IN v6.48.3: ---------------------- !) wireless - fixed all affecting 'FragAttacks' vulnerabilities (CVE-2020-24587, CVE-2020-24588, CVE-2020-26144, CVE-2020-26146, CVE-2020-26147); ---------------------- *) branding - added option to upload custom files (newly generated branding package required); *) console - do not clear environment values if any global variable is set; *) crs3xx - fixed Ethernet LEDs after reboot for CRS354 devices; *) crs3xx - fixed VLAN priority removal for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices; *) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices; *) crs3xx - improved LACP linking between CRS3xx series switches; *) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices; *) defconf - fixed default configuration loading on RBOmniTikPG-5HacD; *) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48); *) dot1x - fixed MAC authentication fallback (introduced in v6.48); *) ipsec - fixed SA address parameter exporting; *) lte - fixed "earfcn" to band translation for "cell-monitor"; *) package - added new "iot" package with Bluetooth (KNOT only) and MQTT publisher support; *) rb4011 - fixed SFP+ port MTU setting after link state change; *) rb4011 - improved SFP+ port stability after boot-up; *) route - improved stability when connected route is modified; *) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636; *) ssh - return proper error code from executed command; *) system - improved resource allocation (improves several service stability e.g. HTTPS, PPPoE, VPN); *) tile - fixed bridge performance degradation (introduced in v6.47); *) webfig - fixed "PortMapping" button (introduced in v6.48.2); *) winbox - fixed health reporting on RB960, hEX and hEX S devices; *) winbox - show "System/Health" only on boards that have health monitoring; *) wireless - fixed issue with multicast traffic delivery to client devices using power-save; *) wireless - improved iOS compatibility with HotSpot 2.0 networks; *) www - added "X-Frame-Options" header information to disallow website embedding in other pages;
コメント
先行で対応がされていたFragAttacks (CVE-2020-24587, CVE-2020-24588, CVE-2020-26144, CVE-2020-26146, CVE-2020-26147) に関することが主な内容になるかと思います。が国内では技適認証済みのRouterboard製品は多くなく、且つユーザーも限定されると思いますので影響は軽微かと思います。
個人的に気になっていた以下の内容について若干修正が間に合っていないようで、次回に持ち越しなところもあるようです。
今回は公式フォーラムを覗いても比較的穏当のようで、IPv6 NDについての不具合が引き続き報告されているようです。
公式サイト
v6.48.3 [stable] is released! - MikroTik
MikroTik
MikroTik makes networking hardware and software, which is used in nearly all countries of the world. Our mission is to make existing Internet technolo...