Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Upgrade Instructions for ScreenOS Devices Running Release Versions Affected by JSA10712 or JSA10713

0

0

Article ID: TSB16858 TECHNICAL_BULLETINS Last Updated: 22 Dec 2015Version: 1.0
Alert Type:
PSN - Product Support Notification
Product Affected:
These issues can affect any product or platform running ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20. Affected platforms include SSG, ISG, ISG-IDP, NS5000 and NS5GT.
Alert Description:
Please review the following Juniper Security Alerts to determine if you may be impacted:

JSA10712 - 2015-12 Out of Cycle Security Bulletin: ScreenOS: Crafted SSH negotiation may trigger system crash (CVE-2015-7754)
http://kb.juniper.net/JSA10712.

JSA10713
- 2015-12 Out of Cycle Security Bulletin: ScreenOS: Multiple Security issues with ScreenOS (CVE-2015-7755)
http://kb.juniper.net/JSA10713.

     NOTE: JSA10713 has been updated to provide more specific details on which release is affected by a known vulnerability identified in the alert.


If you are running an affected release, please read this document in it’s entirely to ensure a successful upgrade.
Solution:

RECOMMENDED SOFTWARE UPGRADE:

Affected Release

Recommended Release (select version to download)

6.2.0

 

6.2.0r15

6.2.0r19

6.2.0r16

6.2.0r19

6.2.0r17

6.2.0r19

6.2.0r18

6.2.0r19

6.3.0

 

6.3.0r12

6.3.0r12b

6.3.0r13

6.3.0r13b

6.3.0r14

6.3.0r14b

6.3.0r15

6.3.0r15b

6.3.0r16

6.3.0r16b

6.3.0r17

6.3.0r17b

6.3.0r18

6.3.0r18b

6.3.0r19

6.3.0r19b

6.3.0r20

6.3.0r21


 Juniper recommends updating to the latest software.  However to have minimal affect on the network you should upgrade to a equivalent software version while you qualify the latest version of ScreenOS.


Recommended releases are available for download from Juniper Network’s Download Software page. If you experience issues downloading the recommended release, please Contact Support for assistance.


VERIFY IMAGE AUTHENTICATION KEY PRIOR TO UPGRADE:

PRIOR TO UPGRADING YOUR SCREENOS RELEASE, PLEASE CONFIRM THAT YOU HAVE THE REQUISITE IMAGE KEY INSTALLED. FAILURE TO UPDATE TO THE CURRENT KEY IMAGE WILL RESULT IN UPGRADE FAILURE.

Information on how to verify your current image key and instructions for upgrading the key please refer to http://kb.juniper.net/TSB16495. The Latest image key is available from TSB16495, or at http://www.juniper.net/techpubs/hardware/netscreen-certifications/imagekey.zip.


CUSTOMER SPECIFIC PATCHES

If you are running a Customer Specific Patch (CSP), the version of your CSP follows the standard product version numbers.  Your CSP is affected if the base "R" version is affected.

Examples:
  • If you have a CSP version 6.3.0R10-xxxn, this is built off release 6.3.0R10 and this is not affected.
  • If you have a CSP version 6.3.0R16-xxxn, this is built off release 6.3.0R16 and this is affected.
If your CSP is affected, please contact Juniper Technical Assistance Center for assistance http://www.juniper.net/customers/support/
Implementation:
 
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search