15.1R7-S4: Software Release Notification for Junos Software Service Release version 15.1R7-S4

  [TSB17553]


Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, M, MX, T, TX, PTX, VMX, VRR, QFX
Alert Description:
Junos Software Service Release version is now available for download from the Junos software download site.
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as needed and follow the prompts
Solution:

Junos Software Service Release version 15.1R7-S4 is now available.

The following are incremental changes in 15.1R7-S4.

 
PR Number Synopsis Description
1296262

Junos OS: Specially crafted packets sent to port 111 on any interface triggers responses from the management interface (CVE-2019-0040)

Junos OS: Specially crafted packets sent to port 111 on any interface triggers responses from the management interface (CVE-2019-0040); Refer to https://kb.juniper.net/JSA10929 for more information. 

1309944

With Resource Certification (RPKI) enabled, successive RPD crashes occur during route validation DB processing

In Junos OS with Resource Certification (RPKI) enabled for BGP route origin validation, in some scenarios successive RPD crashes occur when route validation DB processing is enabled. The crashes are due to string buffering issues, and core dumps are generated because of an invalid pointer.

1350240

The pccd might crash after a delegated LSP is removed in a PCEP scenario

On Junos platforms, a pccd crash is observed in a PCEP scenario.

1351705

After GRES, the BGP neighbors at the Master RE might reset and the BGP neighbors at the Backup RE take a long time to establish

When BGP and NSR (Nonstop-Routing) are configured, after a GRES (Graceful Routing Engine switchover) from RE1 to RE0 followed by an immediate reboot of the backup, all BGP neighbors might reset. At the Backup RE, the BGP Idle state lasts 1 minute or 7 minutes, which means the BGP neighbors at the Backup RE take around 1 minute or 7 minutes to establish once the Backup RE boots up.

1356474

JSA10900 2019-01 Security Bulletin: Junos OS: MX Series: uncontrolled recursion and crash in Broadband Edge subscriber management daemon (bbe-smgd) (CVE-2019-0001)

JSA10900 2019-01 Security Bulletin: Junos OS: MX Series: uncontrolled recursion and crash in Broadband Edge subscriber management daemon (bbe-smgd) (CVE-2019-0001). See https://kb.juniper.net/JSA10900 for details. 

1363964

On EX4300/EX4600/QFX3500/QFX3600/QFX5000 platforms, the l2ald process might crash in a dot1x scenario

On EX4300/EX4600/QFX3500/QFX3600/QFX5000 platforms, the l2ald process might crash while any client's dynamic VLAN membership is being created in a dot1x scenario.

1372421

The dot1xd might crash when it receives an incorrect reply length from the authd

On Junos OS platforms that support dot1x, dot1xd core dumps might be seen when dot1xd receives a reply from the authd and the reply length is less than 28 bytes.

1380231

The RE might crash with various core files due to a deadlock issue on the SDB STS

In a system that uses the session database (SDB), a deadlock might happen when getting the lock on the SDB short term storage (STS) due to a rare timing issue. It is more likely to happen in an Enhanced Subscriber Management environment with large-scale subscribers (such as 50k subscribers). The issue causes the master Routing Engine (RE) to crash with various core files and lose management connectivity, and the subscriber service could be affected. The issue might happen on a single RE system as well as on a dual RE system. In a dual RE system, the master RE crash could trigger an RE switchover, but the issue could leave the SDB in an incomplete state on the new master RE, which could cause subscriber login failures. A restart of smg-service on the new master RE will recover from this login issue.

1382209

LACP might get stuck in the Detached state on QFX5K platforms in a VXLAN scenario

On QFX5K platforms with LACP configured, if an AE interface has native-vlan-id configured and that native VLAN is VXLAN enabled, LACP on that interface might stop processing received LACP PDUs and get stuck in the Detached state. LACP in the Detached state will not carry traffic.

1394922

Junos OS: Firewall filter terms named "internal-1" and "internal-2" being ignored (CVE-2019-0036)

Junos OS: Firewall filter terms named "internal-1" and "internal-2" being ignored (CVE-2019-0036); Refer to https://kb.juniper.net/JSA10925 for more information. 

1398685

The rpd soft core might be seen when L2VPN is used

RPD provides a mechanism to validate that route selection has been done successfully. When errors in route selection are detected, a soft core is dropped: RPD remains running and a single core file is dropped, rate limited so that this does not happen frequently. When running L2VPN, BGP MED selection may be inappropriately run on the routes. As a result, the route selection sanity code will notice an unexpected result and leave a soft core.

1401915

An 802.1x authentication issue might be seen on Legacy EX platforms in mac-radius multi-supplicant mode

On Legacy EX platforms (EX2200/EX3200/EX3300/EX4200/EX45/EX62/EX82) with an RE protect filter configured (a firewall filter applied on the loopback interface), when an interface is using 802.1x mac-radius multi-supplicant mode and more than one device is daisy-chained on the interface, MAC learning messages for unknown sources might be dropped, which causes legitimate 802.1x users to fail authentication.

1402012

The authd might crash due to a memory corruption issue

In a subscriber scenario, the authd might crash multiple times due to a memory corruption issue.

1407830

The links might not come up between EX4550/EX4200 and a peer device if MACsec is enabled

On EX4550/EX4200 Series platforms, the 1G interface might not come up between EX4550/EX4200 and a peer device if Media Access Control Security (MACsec) is enabled.

1408717

The dot1x authentication might fail on some EX platforms

On EX2200/EX3200/EX3300/EX4200/EX4500/EX4550/EX6200/EX8200/EX8208/EX8016 Series platforms, dot1x authentication might fail because the EX device doesn't strip the VLAN tag/priority from tagged EAP response packets.

1414021

The CPU utilization of the rpd process is stuck at 100% if BGP multipath is configured

In a BGP scenario with indirect next hops, if uRPF is enabled and BGP multipath is then enabled, a background job loop might be formed and the CPU utilization of the rpd process might be stuck at 100%.

1414706

Firewall filters are not getting programmed into the PFE

In a subscriber environment, if the client profile has no filters while the service profile has filters, after a subscriber login, ifstate compression might be seen when the current filters are deleted and a different filter is then added. When this occurs, the firewall filter might be corrupted.

1416582

CoS is not properly programmed on the PFE after deleting/adding a subscriber service profile

On MX platforms running 15.1 releases, if one subscriber service profile is deleted and another service profile is added immediately, CoS will not be programmed correctly on the PFE.

1418960

PPPoE compliance issue with RFC 2516: the MX allows PPPoE session-id 65535.

PPPoE compliance issue with RFC 2516: the MX allows PPPoE session-id 65535.

1419891

In a rare scenario with multicast extranet VPN, rpd can crash because the reference count of the next hop becomes 0

In a rare scenario with multicast extranet VPN, rpd can crash because the reference count of the next hop becomes 0.

Modification History:
First publication date 2019-04-13