UniFi 3.2.1 has been released: http://community.ubnt.com/t5/UniFi-Updates-Blog/UniFi-3-2-1-is-released/ba-p/872360
The timing is good, because it makes it possible to fix vulnerabilities in the 2.4.x versions:
Ubiquiti UbiFi / mFi / AirVision – CSRF Vulnerability: http://www.exploit-db.com/exploits/34187/ + http://seclists.org/fulldisclosure/2014/Jul/126
CVE-2014-2226: Ubiquiti Networks – UniFi Controller Admin/root password hash sent via syslog: http://seclists.org/fulldisclosure/2014/Jul/127
CVE-2014-2227: Ubiquiti Networks – AirVision v2.1.3 – Overly Permissive default crossdomain.xml: http://seclists.org/fulldisclosure/2014/Jul/128
You therefore need to update to version 3.2.1.
Month: July 2014
Ubiquiti: EdgeRouter update
A little over a month ago, Ubiquiti updated the OS version of its EdgeRouter Lite (EdgeMax range).
The current version is 1.5.0, which can be found here: http://www.ubnt.com/download/#EdgeRouter:Lite
ER-e100.v1.5.0.4677648.tar
69MB • 2014-06-20
If you want to read the release notes in detail, follow this link: http://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMax-software-release-v1-5-0/ba-p/888586
Note that this version adds PPPoE offload:
[HW acceleration] Add support for PPPoE offload. Currently this is disabled by default
RouterOS v6.17 update
Mikrotik treats us to a new update of its RouterOS, version v6.17.
It only fixes a crash on the CCR1009, but since I am a little behind in tracking versions, here are the changelogs of the versions released since my last post:
What's new in 6.17 (2014-Jul-18 15:14):
*) CCR1009 - fixed crash, only affects CCR1009;

What's new in 6.16 (2014-Jul-17 13:12):
*) 802.11ac support added in wireless-fp package for QCA9880/9882 rev2 (-BR4A) chips;
*) ip cloud now allows to set which IP to use - detected (public) or local (private);
*) l2tp, pptp, pppoe - fixed possible packet corruption when encryption was enabled;
*) ovpn - fixed ethernet mode;
*) certificates - use SHA256 for fingerprinting;
*) ipsec - fix AH proposal and problem when sometimes policy was not generated;
*) snmp - support AES encryption (rfc3826);
*) l2tp server: added option to enable IPsec automatically;
*) poe-out: added power-cycle-ping and power-cycle-interval settings;
*) gps - increased retry duration to 30 seconds;
*) time - on routerboards, current time is saved in configuration on reboot and on clock adjustment, and is used to set initial time after reboot;
*) sntp - disabling/enabling client was causing dynamic-servers to be ignored (bug introduced in 6.14);
*) CCR - fixed rare file system corruption when none of configuration could be changed or some of it disappeared;
*) ipsec - allow multiple encryption algorithms per peer;
*) email - support tls only connections;
*) smb - fixed usb share issues after reboot
*) snmp - fix v3 protocol time window checks;
*) updated timezone information;
*) quickset - added VPN settings for HomeAP mode;
*) latency improvements on CCR devices;

What's new in 6.15 (2014-Jun-12 12:25):
*) fixed upgrade from v5 - on first boot all the optional packages were disabled;
*) fixed problem where sntp server could not be specified in winbox & webfig;
*) metarouter - make openwrt work on ppc metarouter again;

What's new in 6.14 (2014-Jun-06 15:34):
*) sntp - 'mode' now is a read-only property, it is set to broadcast if no server ip address is specified;
*) smb - fixed some SMB1 errors;
*) wireless-fp package is now included in routeros one (disabled by default);
*) webfig - fixed quickset, it didn't work with disabled wireless package;
*) sstp - fixed problem where session was closed every 2min;
*) pptp,l2tp,pppoe - fixed problem where some of the static bindings become dynamic interfaces;
*) eoip - lowered default MTU to avoid IP packet fragmentation;
*) eoip - added clamp-tcp-mss setting with default=yes for new tunnels to avoid IP packet fragmentation;
*) fixed - bridge could sometimes get added without "running" flag;
*) fixed - simple queues could sometimes crash router;
*) fixed - simple queue stats freeze (empty winbox queue window);
*) ssh server - allow none cipher;
*) proxy - added 'anonymous' option which will skip adding X-* and Via headers;
*) dhcp server - added option use-framed-as-classless and added support for DHCP-Classless-Static-Route RADIUS attribute;
*) quickset - fixed problem where address mode selection did not work in bridge mode;
*) ipv6 address - fixed problem where changing advertise lost ipv6 connected route;

CAVEAT: CAPsMAN Layer3 doesn’t work if IPv6 package enabled either on CAPsMAN or CAP device;