On Fri, 2019-04-05 at 10:11 +1100, Mike Everest wrote:
Apologies to any who consider it noise :-} MikroTik have released patches addressing IPv6 memory depletion bug in bugfix/long-term and stable release channels.
The abovementioned fix appears to address only CVE-2018-19298. So has anyone checked to see whether the patched ROS is now not vulnerable to CVE-2018-19299? Isalski says it is, but doesn't mention actual ROS versions. Regards, K. -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Karl Auer (kauer@nullarbor.com.au) work +61 2 64957435 http://www.nullarbor.com.au mobile +61 428 957160 GPG fingerprint: 887A DA07 4DCC EE76 B413 27D4 C638 4189 6CF0 D556 Old fingerprint: 8454 EE43 6215 B6DD 1B4D 9D8D 984D 7BA1 7378 A38D