Knowledge Search


×
 

Upgrade Instructions for ScreenOS Devices Running Release Versions Affected by JSA10712 or JSA10713

  [TSB16858] Show Article Properties


Alert Type:
PSN - Product Support Notification
Product Affected:
These issues can affect any product or platform running ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20. Affected platforms include SSG, ISG, ISG-IDP, NS5000 and NS5GT.
Alert Description:
Please review the following Juniper Security Alerts to determine if you may be impacted:

JSA10712 - 2015-12 Out of Cycle Security Bulletin: ScreenOS: Crafted SSH negotiation may trigger system crash (CVE-2015-7754)
http://kb.juniper.net/JSA10712.

JSA10713
- 2015-12 Out of Cycle Security Bulletin: ScreenOS: Multiple Security issues with ScreenOS (CVE-2015-7755)
http://kb.juniper.net/JSA10713.

     NOTE: JSA10713 has been updated to provide more specific details on which release is affected by a known vulnerability identified in the alert.


If you are running an affected release, please read this document in it’s entirely to ensure a successful upgrade.
Solution:

RECOMMENDED SOFTWARE UPGRADE:

Affected Release

Recommended Release (select version to download)

6.2.0

 

6.2.0r15

6.2.0r19

6.2.0r16

6.2.0r19

6.2.0r17

6.2.0r19

6.2.0r18

6.2.0r19

6.3.0

 

6.3.0r12

6.3.0r12b

6.3.0r13

6.3.0r13b

6.3.0r14

6.3.0r14b

6.3.0r15

6.3.0r15b

6.3.0r16

6.3.0r16b

6.3.0r17

6.3.0r17b

6.3.0r18

6.3.0r18b

6.3.0r19

6.3.0r19b

6.3.0r20

6.3.0r21


 Juniper recommends updating to the latest software.  However to have minimal affect on the network you should upgrade to a equivalent software version while you qualify the latest version of ScreenOS.


Recommended releases are available for download from Juniper Network’s Download Software page. If you experience issues downloading the recommended release, please Contact Support for assistance.


VERIFY IMAGE AUTHENTICATION KEY PRIOR TO UPGRADE:

PRIOR TO UPGRADING YOUR SCREENOS RELEASE, PLEASE CONFIRM THAT YOU HAVE THE REQUISITE IMAGE KEY INSTALLED. FAILURE TO UPDATE TO THE CURRENT KEY IMAGE WILL RESULT IN UPGRADE FAILURE.

Information on how to verify your current image key and instructions for upgrading the key please refer to http://kb.juniper.net/TSB16495. The Latest image key is available from TSB16495, or at http://www.juniper.net/techpubs/hardware/netscreen-certifications/imagekey.zip.


CUSTOMER SPECIFIC PATCHES

If you are running a Customer Specific Patch (CSP), the version of your CSP follows the standard product version numbers.  Your CSP is affected if the base "R" version is affected.

Examples:
  • If you have a CSP version 6.3.0R10-xxxn, this is built off release 6.3.0R10 and this is not affected.
  • If you have a CSP version 6.3.0R16-xxxn, this is built off release 6.3.0R16 and this is affected.
If your CSP is affected, please contact Juniper Technical Assistance Center for assistance http://www.juniper.net/customers/support/
Implementation:
 
Related Links: