Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

17.2R1-S8: Software Release Notification for Junos Software Service Release version 17.2R1-S8



Article ID: TSB17563 TECHNICAL_BULLETINS Last Updated: 25 Apr 2019Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
Alert Description:
Junos Software Service Release version is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts

unos Software service Release version 17.2R1-S8 is now available.

The following are incremental changes in 17.2R1-S8.

PR Number Synopsis Description

Hostname under FPC shell isn't taken effect after changing system hostname.

Hostname under FPC shell isn't taken effect after changing system hostname.


RPD memory leak caused by repeated RSVP RSB (reservation state block) deletes

When an RSVP path is deleted (because of LSP deletion or switch-over to new path) RSB (Reservation state block) data structure has to be deleted to free up memory. When RSB deletion is performed, LSP attribute object in RSB is not deleted by RPD. This causes build up of RPD memory usage over a period of time (memory leak). Build up of RPD memory is proportional to the frequency of RSB deletes.


Ping does not go through device after WTR timer expires in ERPS scenario

On EX4300 series switches in Ethernet Ring Protection Switching (ERPS) scenario, control plane might assign more than one STP instance to a VLAN on ERPS ring after system reboot, this will cause Ping packets forwarding issue.


Junos OS: Login credentials are vulnerable to brute force attacks through the REST API (CVE-2019-0039)

Junos OS: Login credentials are vulnerable to brute force attacks through the REST API (CVE-2019-0039); Refer to for more information.


Junos OS: Specially crafted packets sent to port 111 on any interface triggers responses from the management interface (CVE-2019-0040)

Junos OS: Specially crafted packets sent to port 111 on any interface triggers responses from the management interface (CVE-2019-0040); Refer to for more information.


The incorrect error number might be reported for syslog messages with prefix of %DAEMON-3-RPD_KRT_Q_RETRIES

Syslog messages with prefix of "%DAEMON-3-RPD_KRT_Q_RETRIES:" might report an incorrect error number.


Autonegotiation not working as expected Between ex4300 and SRX5800

Auto-negotiation (TRI SPEED 10/100) not working as expected Between mixed VCF ex4300 to other devices


PTX1K:flabel Mem alloc failure followed by FPC core

Over a period of time, network events such as route flaps and MBB scenario cause the PFE heap memory to get fragmented. This change improves memory management and reduces the chance of memory fragmentation.


Interface down due to "PFE Marked Disabled" on PECHIP causing traffic loss

Consider Ingress FPC to be up, fully Init and stable and follow below flow: We restart the egress FPC. It will come up and do its Block driver Init and program the PFE states. During fpc and ASIC initialization Init all global ASIC tables and during initialization we bring up paths for special path IFD's like RHI. After this FPC will send to RE (chasisd) FPC ONLINE message. As soon as this message is sent chaassid it will send IFD ATTACH to all cards. This will start the traffic in case of AE on Ingress card (The root problem). As soon as Ingress FPC start traffic a request will be generated that will traverse fabric path and reach FI which is the first block on egress. Since IFD Init is not complete on egress card this request will lookup in a queue mapping table, at this moment this table will point to an uninitialized value causing the traffic drops. This bug affects the multi slot PTX routers, single slot system like PTX1000 is not affected with this bug.


Invalid programming of interfaces during PFE initialization may lead to traffic black hole on PTX platform

While a PTX platform performs Packet Forwarding Engine (PFE) initialization, the PFE may not initialize interfaces data structure properly. This causes transit traffic drop while traffic egressing out of those interfaces. The problem is applicable only to PTX1000, PTX3000, PTX5000 and PTX10000.


The IPFIX flow stats are incorrect in the exported record

From Junos OS release 17.3R2 and above, the Internet Protocol Flow Information Export (IPFIX) flow stats (packet/byte counters) are incorrect in the exported record of QFX10K platform.


lt- interface gets deleted with tunnel-services configuration still present.

When tunnel interface is used as anchor-port in pseudo-wire services, while deleting the set interface config causing the tunnel-services interface to get deleted. Deleting pseudo serives alone will not have an effect on tunnel-services interfaces.


The host interface may stop sending packets on PTX with FPC3 or PTX1000 when using outbound firewall filter with syslog option

If output firewall filter is configured with "syslog" option, the host interface might be wedged on PTX with FPC3 or PTX1000.


Ukern memory leak and core crash in BGP environment

Ukern memory leak and fpc core crash might be happened when device configured link-node protection with labeled-bgp.


The FPC might go down on some vmhost based PTX/QFX platforms

On PTX1000/PTX10001-20C/PTX10002-60C/QFX10002-60C, the Flexible PIC Concentrator (FPC) might reboot which might result in the FPC not coming up or the system becoming unresponsive.


Junos OS:set system ports console insecure allows root password recovery on OAM volumes (CVE-2019-0035)

Junos OS: set system ports console insecure allows root password recovery on OAM volumes (CVE-2019-0035); Refer to for more information.


Disable reporting of correctable single-bit error on Hybrid Memory Cube (HMC) and prevent Major Alarm

Due to transient Hardware condition single-bit error (SBE) event are corrected and have no operational impact. Reporting of those events had been disabled to prevent alarms and possibly unnecessary Hardware replacements


The rpd might crash continuously when IPv6 prefix with IPv4 next-hop exists in BGP multipath scenario

In BGP scenario with multipath enabled, if applying import/export policy of IPv6 routes with a IPv4 next-hop to a BGP neighbor, the rpd might crash continuously.


The rpd crash might be seen if a BGP unresolved route is withdrawn

If an import policy is applied to a BGP neighbor and the policy has indirect IPv4 next-hop for IPv4 and IPv6 routes (IPv6 routes resolved over IPv4), when BGP unresolved route is withdrawn, rpd crash might be seen.


Junos OS: jdhcpd crash upon receipt of crafted DHCPv6 solicit message (CVE-2019-0037)

Junos OS: jdhcpd crash upon receipt of crafted DHCPv6 solicit message (CVE-2019-0037); Refer to for more information.


Junos OS: Firewall filter terms named "internal-1" and "internal-2" being ignored (CVE-2019-0036)

Junos OS: Firewall filter terms named "internal-1" and "internal-2" being ignored (CVE-2019-0036); Refer to for more information.


WITHDRAWN: Junos OS: gRPC hardcoded credentials may allow unauthorized access to systems with Junos Network Agent installed (REJECTED)

NO RISK. CVE REJECTED. 04-11-2019: Further investigation has determined that this issue has no impact. While the credentials exist in affected releases there is no way to exploit this issue, and even if the issue were exploitable, there would be no impact. Refer to for more information.


Vale: AVSP-4412 retimed port et-0/0/7 at JNP10K-LC1101 might fail to come up due to the retimer initialization failure upon the FPC reboot/OIR and a QSFP OIR

When Avago Re-timer access failes during initialization or during DFE tuning, the retimer will be reset and re-initialize in order to recover the port. This will be attempted 5 times after which the port link will remain down.


Indirect-next-hop pointing to unknown unilist stuck with weight 65535 after a link flap

When forwarding chain is unilist_1->indirect-next-hop->unilist_2, any change in unilist_2 active member list will be absorbed by indirect-next-hop in the chain and the change will not be back propagated to top-level unilist_1. If a link flap will cause indirect-next-hop pointing to unilist_2 stuck with weight 65535 and further causing traffic blackholing.


hostname does not update at FPC shell after system configuration change on CLI

On PTX platform, hostname does not update at FPC shell after host name change unless FPC reboot.


RSVP Path error received on PSB:2 ( new path calculated by CSPF) is not treated as Optimization when CSPF is computed and optimization retry is not honoring 2^retry + rsvp-error-hold-time

The optimization timer is being updated in an incorrect manner in the code path. Due to this a particular check fails when the exponential increase function is called. This code path has been fixed.


Fixing PF Core voltage on JNP10008-SF and JNP10016-SF

certain JNP10008-SF and JNP10016-SF manufactured between July 2018 to March 2019 may have incorrect core voltage setting. The issue can be corrected by re-programmed the core voltage and updated the setting in NVRAM memory.


AVSP 27 retimer SERDES 11 MDIO timed out during DFE tuning with "Serdes Error: SBUS interface stuck"

Insufficient Hold Time delay of MDIO for port 7, 9, 17, 19, 27, 29 can cause misbehavior on the retimer associated with these ports. Port will be down until rebooting of the FPC.

Modification History:
First publication 2019-04-25
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search