Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

16.1X65-D48: Software Release Notification for Junos Software Service Release version 16.1X65-D48

0

0

Article ID: TSB17454 TECHNICAL_BULLETINS Last Updated: 16 Oct 2018Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
PTX1000
Alert Description:
Junos Software Service Release version is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 16.1X65-D48 is now available.

The following are incremental changes in 16.1X65-D48.

 
PR Number Synopsis Description
1115686 RPD memory leak caused by repeated RSVP RSB (reservation state block) deletes When an RSVP path is deleted (because of LSP deletion or switch-over to new path) RSB (Reservation state block) data structure has to be deleted to free up memory. When RSB deletion is performed, LSP attribute object in RSB is not deleted by RPD. This causes build up of RPD memory usage over a period of time (memory leak). Build up of RPD memory is proportional to the frequency of RSB deletes.
1214350 JSA10861 2018-07 Security Bulletin: Junos OS: Receipt of malformed RSVP packet may lead to RPD denial of service (CVE-2018-0027) Receipt of malformed RSVP packet may lead to rpd denial of service (CVE-2018-0027), please refer to https://kb.juniper.net/JSA10861 for more details.
1264464 The rpd might crash after deleting some vrf instances if "vrf-table-label" is configured In scaled number of vrf instances scenario with "vrf-table-label" configured, the rpd might crash after deleting some vrf instances.
1313158 The mgd process might crash and sessions will get killed if the load override from netconf happens Every load override and rollback operation increases the refcount by 1 and after it reaches the max value of it (65,535), the mgd crash will be observed and the session will get killed. When mgd crashes, the active lock may remain preventing any further commits.
1315066 The rpd might constantly consume high CPU in BGP setup On all platforms with Border Gateway Protocol (BGP), simply having network churn will cause rpd constantly consume high CPU (98%).
1326402 JSA10865 Junos OS: Receipt of specially crafted UDP packets over MPLS may bypass stateless IP firewall rules (CVE-2018-0031) Receipt of specially crafted UDP/IP packets over MPLS may be able to bypass a stateless firewall filter. The crafted UDP packets must be encapsulated and meet a very specific packet format to be classified in a way that bypasses IP firewall filter rules. The packets themselves do not cause a service interruption (e.g. rpd process crash), but receipt of a high rate of UDP packets may be able to contribute to a denial of service attack.
1328058 Junos OS: RPD daemon crashes upon receipt of specific MPLS packet (CVE-2018-0043) Junos OS: RPD daemon crashes upon receipt of specific MPLS packet (CVE-2018-0043); Refer to https://kb.juniper.net/JSA10877 for more information.
1343613 JSA10875 2018-07 Security Bulletin: SRX Series: Vulnerabilities in ISC BIND named SRX Series: Vulnerabilities in ISC BIND named. For more details please refer to https://kb.juniper.net/JSA10875.
1347361 JSA10874 2018-07 Security Bulletin: Junos OS: cURL: Multiple vulnerabilities in multiple cURL versions Multiple vulnerabilities in cURL and libcurl have been resolved in Junos OS. Refer to JSA10874 for more information.
1348208 The MPLS LSP does not come up after changing admin-group mapping. On all Junos platforms that support the MPLS, the LSP might not come up after changing the MPLS admin-group mapping in all nodes of the LSP path, because the LSP configuration is not able to update its admin-group when the global admin-group (under MPLS hierarchy) is changed.
1361304 The rpd scheduler slip might be seen when frequently deleting/modifying/adding groups which are applied on top level If groups are applied on top level, when these groups are deleted/modified/added, all the top level hierarchies which are referred by these groups will be set with "mark-changed" bit. Everything under these hierarchies will be considered as changed. If these groups refer to policy-options and there are policies referring to prefix-list, each prefix in prefix-list will be marked as 'changed' even though the prefix-list is actually not changed at all. This will cause the duplicate prefix to be added to prefix-list. When the groups adding/modifying/deleting operation is frequently executed, the issue will cause more CPU occupation by policy processing, and then might cause the rpd scheduler slip.
1361550 rpd struck at 100% after clear bgp neighbor operation When a peer is coming is being established and it need to catch up with other peers which have received many more updates, the merge code will verify that the routes are to be announced. If none of the prefixes are to be announced before it has processed it's fair share of entries we will start from the beginning again. This is much more likely to hit an a situation where there is zero route churn.
1365653 The LSP might remain UP even if no path is acceptable due to CSPF failure In Resource Reservation Protocol (RSVP) scenario, the label-switched path (LSP) might remain UP even if no path is acceptable due to Constrained Shortest Path First (CSPF) failure. There are two scenarios which may result in CSPF failure. Scenario 1 with MBB: optimization timer fires during make-before-break (MBB). Scenario 2 without MBB: A link/IGP flap causes CSPF, but it depends on timing.
1380862 Junos OS: Receipt of a specifically crafted malicious MPLS packet leads to a Junos kernel crash (CVE-2018-0049) Junos OS: Receipt of a specifically crafted malicious MPLS packet leads to a Junos kernel crash (CVE-2018-0049); Refer to https://kb.juniper.net/JSA10883 for more information.
Modification History:
First publication date 2018-10-14
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search