Wichtiges MikroTik Update 6.48.3

MikroTik hat ein neues wichtiges Update zur Verfügung gestellt das einige Sicherheitsrelevante CVE-Einträge im WLAN-Bereich löst.
Es wird empfohlen das Update einzuspielen. Kunden mit Wartungsvertrag wird dies in den nächsten Tagen erfolgen.

• CVE-2020-24587
• CVE-2020-24588
• CVE-2020-26144
• CVE-2020-26146
• CVE-2020-26147

Alle Änderungen im Überblick:

• branding – added option to upload custom files (newly generated branding package required)
• console – do not clear environment values if any global variable is set
• crs3xx – fixed Ethernet LEDs after reboot for CRS354 devices
• crs3xx – fixed VLAN priority removal for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices
• crs3xx – fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices
• crs3xx – improved LACP linking between CRS3xx series switches
• crs3xx – improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices
• defconf – fixed default configuration loading on RBOmniTikPG-5HacD
• dot1x – fixed “reject-vlan-id” for MAC authentication (introduced in v6.48)
• dot1x – fixed MAC authentication fallback (introduced in v6.48)
• ipsec – fixed SA address parameter exporting
• lte – fixed “earfcn” to band translation for “cell-monitor”
• package – added new “iot” package with Bluetooth (KNOT only) and MQTT publisher support
• rb4011 – fixed SFP+ port MTU setting after link state change
• rb4011 – improved SFP+ port stability after boot-up
• route – improved stability when connected route is modified
• sfp – improved cable length monitoring as defined per SFF-8472 and SFF-8636
• ssh – return proper error code from executed command
• system – improved resource allocation (improves several service stability e.g. HTTPS, PPPoE, VPN)
• tile – fixed bridge performance degradation (introduced in v6.47)
• webfig – fixed “PortMapping” button (introduced in v6.48.2)
• winbox – fixed health reporting on RB960, hEX and hEX S devices
• winbox – show “System/Health” only on boards that have health monitoring
• wireless – fixed issue with multicast traffic delivery to client devices using power-save
• wireless – improved iOS compatibility with HotSpot 2.0 networks
• www – added “X-Frame-Options” header information to disallow website embedding in other pages