Knowledge Search


×
 

17.2R1-S8: Software Release Notification for Junos Software Service Release version 17.2R1-S8

  [TSB17563] Show Article Properties


Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, VMX, VRR
Alert Description:
Junos Software Service Release version is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

unos Software service Release version 17.2R1-S8 is now available.

The following are incremental changes in 17.2R1-S8.

 
PR Number Synopsis Description
1022383

Hostname under FPC shell isn't taken effect after changing system hostname.

Hostname under FPC shell isn't taken effect after changing system hostname.

1115686

RPD memory leak caused by repeated RSVP RSB (reservation state block) deletes

When an RSVP path is deleted (because of LSP deletion or switch-over to new path) RSB (Reservation state block) data structure has to be deleted to free up memory. When RSB deletion is performed, LSP attribute object in RSB is not deleted by RPD. This causes build up of RPD memory usage over a period of time (memory leak). Build up of RPD memory is proportional to the frequency of RSB deletes.

1132770

Ping does not go through device after WTR timer expires in ERPS scenario

On EX4300 series switches in Ethernet Ring Protection Switching (ERPS) scenario, control plane might assign more than one STP instance to a VLAN on ERPS ring after system reboot, this will cause Ping packets forwarding issue.

1289313

Junos OS: Login credentials are vulnerable to brute force attacks through the REST API (CVE-2019-0039)

Junos OS: Login credentials are vulnerable to brute force attacks through the REST API (CVE-2019-0039); Refer to https://kb.juniper.net/JSA10928 for more information.

1296262

Junos OS: Specially crafted packets sent to port 111 on any interface triggers responses from the management interface (CVE-2019-0040)

Junos OS: Specially crafted packets sent to port 111 on any interface triggers responses from the management interface (CVE-2019-0040); Refer to https://kb.juniper.net/JSA10929 for more information.

1310812

The incorrect error number might be reported for syslog messages with prefix of %DAEMON-3-RPD_KRT_Q_RETRIES

Syslog messages with prefix of "%DAEMON-3-RPD_KRT_Q_RETRIES:" might report an incorrect error number.

1311458

Autonegotiation not working as expected Between ex4300 and SRX5800

Auto-negotiation (TRI SPEED 10/100) not working as expected Between mixed VCF ex4300 to other devices

1318595

PTX1K:flabel Mem alloc failure followed by FPC core

Over a period of time, network events such as route flaps and MBB scenario cause the PFE heap memory to get fragmented. This change improves memory management and reduces the chance of memory fragmentation.

1320413

Interface down due to "PFE Marked Disabled" on PECHIP causing traffic loss

Consider Ingress FPC to be up, fully Init and stable and follow below flow: We restart the egress FPC. It will come up and do its Block driver Init and program the PFE states. During fpc and ASIC initialization Init all global ASIC tables and during initialization we bring up paths for special path IFD's like RHI. After this FPC will send to RE (chasisd) FPC ONLINE message. As soon as this message is sent chaassid it will send IFD ATTACH to all cards. This will start the traffic in case of AE on Ingress card (The root problem). As soon as Ingress FPC start traffic a request will be generated that will traverse fabric path and reach FI which is the first block on egress. Since IFD Init is not complete on egress card this request will lookup in a queue mapping table, at this moment this table will point to an uninitialized value causing the traffic drops. This bug affects the multi slot PTX routers, single slot system like PTX1000 is not affected with this bug.

1331299

Invalid programming of interfaces during PFE initialization may lead to traffic black hole on PTX platform

While a PTX platform performs Packet Forwarding Engine (PFE) initialization, the PFE may not initialize interfaces data structure properly. This causes transit traffic drop while traffic egressing out of those interfaces. The problem is applicable only to PTX1000, PTX3000, PTX5000 and PTX10000.

1347229

The IPFIX flow stats are incorrect in the exported record

From Junos OS release 17.3R2 and above, the Internet Protocol Flow Information Export (IPFIX) flow stats (packet/byte counters) are incorrect in the exported record of QFX10K platform.

1350733

lt- interface gets deleted with tunnel-services configuration still present.

When tunnel interface is used as anchor-port in pseudo-wire services, while deleting the set interface config causing the tunnel-services interface to get deleted. Deleting pseudo serives alone will not have an effect on tunnel-services interfaces.

1354580

The host interface may stop sending packets on PTX with FPC3 or PTX1000 when using outbound firewall filter with syslog option

If output firewall filter is configured with "syslog" option, the host interface might be wedged on PTX with FPC3 or PTX1000.

1366823

Ukern memory leak and core crash in BGP environment

Ukern memory leak and fpc core crash might be happened when device configured link-node protection with labeled-bgp.

1367477

The FPC might go down on some vmhost based PTX/QFX platforms

On PTX1000/PTX10001-20C/PTX10002-60C/QFX10002-60C, the Flexible PIC Concentrator (FPC) might reboot which might result in the FPC not coming up or the system becoming unresponsive.

1368998

Junos OS:set system ports console insecure allows root password recovery on OAM volumes (CVE-2019-0035)

Junos OS: set system ports console insecure allows root password recovery on OAM volumes (CVE-2019-0035); Refer to https://kb.juniper.net/JSA10924 for more information.

1384435

Disable reporting of correctable single-bit error on Hybrid Memory Cube (HMC) and prevent Major Alarm

Due to transient Hardware condition single-bit error (SBE) event are corrected and have no operational impact. Reporting of those events had been disabled to prevent alarms and possibly unnecessary Hardware replacements

1390428

The rpd might crash continuously when IPv6 prefix with IPv4 next-hop exists in BGP multipath scenario

In BGP scenario with multipath enabled, if applying import/export policy of IPv6 routes with a IPv4 next-hop to a BGP neighbor, the rpd might crash continuously.

1391568

The rpd crash might be seen if a BGP unresolved route is withdrawn

If an import policy is applied to a BGP neighbor and the policy has indirect IPv4 next-hop for IPv4 and IPv6 routes (IPv6 routes resolved over IPv4), when BGP unresolved route is withdrawn, rpd crash might be seen.

1391983

Junos OS: jdhcpd crash upon receipt of crafted DHCPv6 solicit message (CVE-2019-0037)

Junos OS: jdhcpd crash upon receipt of crafted DHCPv6 solicit message (CVE-2019-0037); Refer to https://kb.juniper.net/JSA10926 for more information.

1394922

Junos OS: Firewall filter terms named "internal-1" and "internal-2" being ignored (CVE-2019-0036)

Junos OS: Firewall filter terms named "internal-1" and "internal-2" being ignored (CVE-2019-0036); Refer to https://kb.juniper.net/JSA10925 for more information.

1394927

WITHDRAWN: Junos OS: gRPC hardcoded credentials may allow unauthorized access to systems with Junos Network Agent installed (REJECTED)

NO RISK. CVE REJECTED. 04-11-2019: Further investigation has determined that this issue has no impact. While the credentials exist in affected releases there is no way to exploit this issue, and even if the issue were exploitable, there would be no impact. Refer to https://kb.juniper.net/JSA10923 for more information.

1409585

Vale: AVSP-4412 retimed port et-0/0/7 at JNP10K-LC1101 might fail to come up due to the retimer initialization failure upon the FPC reboot/OIR and a QSFP OIR

When Avago Re-timer access failes during initialization or during DFE tuning, the retimer will be reset and re-initialize in order to recover the port. This will be attempted 5 times after which the port link will remain down.

1409632

Indirect-next-hop pointing to unknown unilist stuck with weight 65535 after a link flap

When forwarding chain is unilist_1->indirect-next-hop->unilist_2, any change in unilist_2 active member list will be absorbed by indirect-next-hop in the chain and the change will not be back propagated to top-level unilist_1. If a link flap will cause indirect-next-hop pointing to unilist_2 stuck with weight 65535 and further causing traffic blackholing.

1412318

hostname does not update at FPC shell after system configuration change on CLI

On PTX platform, hostname does not update at FPC shell after host name change unless FPC reboot.

1416948

RSVP Path error received on PSB:2 ( new path calculated by CSPF) is not treated as Optimization when CSPF is computed and optimization retry is not honoring 2^retry + rsvp-error-hold-time

The optimization timer is being updated in an incorrect manner in the code path. Due to this a particular check fails when the exponential increase function is called. This code path has been fixed.

1420864

Fixing PF Core voltage on JNP10008-SF and JNP10016-SF

certain JNP10008-SF and JNP10016-SF manufactured between July 2018 to March 2019 may have incorrect core voltage setting. The issue can be corrected by re-programmed the core voltage and updated the setting in NVRAM memory.

1421075

AVSP 27 retimer SERDES 11 MDIO timed out during DFE tuning with "Serdes Error: SBUS interface stuck"

Insufficient Hold Time delay of MDIO for port 7, 9, 17, 19, 27, 29 can cause misbehavior on the retimer associated with these ports. Port will be down until rebooting of the FPC.

Modification History:
First publication 2019-04-25
Related Links: