17.2R1-S8.10: Software Release Notification for Junos Software Service Release version 17.2R1-S8.10

Article ID: TSB17563 TECHNICAL_BULLETINS Last Updated: 03 Mar 2020 Version: 2.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, VMX, VRR
Alert Description:
2020-03-03 - JUNOS Software version 17.2R1-S8.9 has been replaced with 17.2R1-S8.10 - see TSB17737 for more detail.

The additional change from 17.2R1-S8.9 which is included in 17.2R1-S8.10 is the following PR:
PR Number Synopsis Category: IPv6/ND/ICMPv6 issues
1443576 Junos OS: Improper handling of specific IPv6 packets sent by clients eventually kernel crash (vmcore) the device. (CVE-2020-1603)
 
Specific IPv6 packets sent by clients processed by the Routing Engine (RE) are improperly handled. Refer to https://kb.juniper.net/JSA10982 for more information.


An updated version of the Junos Software Service Release version 17.2R1-S8 is now available for download from the Junos software download site.
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as needed and follow the prompts
Solution:

Junos Software Service Release version 17.2R1-S8.10 is now available.

The following are software changes in 17.2R1-S8:

PR Number Synopsis Category: EX4300 PFE
1132770 Ping does not go through device after WTR timer expires in ERPS scenario
 
On EX4300 series switches in an Ethernet Ring Protection Switching (ERPS) scenario, the control plane might assign more than one STP instance to a VLAN on the ERPS ring after a system reboot, which causes a ping packet forwarding issue.
PR Number Synopsis Category: EX4300 Platform
1311458 Autonegotiation not working as expected Between ex4300 and SRX5800
 
Auto-negotiation (TRI SPEED 10/100) does not work as expected between a mixed VCF EX4300 and other devices.
PR Number Synopsis Category: QFX Control Plane Analyzer related
1347229 The IPFIX flow stats are incorrect in the exported record
 
From Junos OS release 17.3R2 and above, the Internet Protocol Flow Information Export (IPFIX) flow stats (packet/byte counters) are incorrect in the exported record of QFX10K platform.
PR Number Synopsis Category: "agentd" software daemon
1394927 WITHDRAWN: Junos OS: gRPC hardcoded credentials may allow unauthorized access to systems with Junos Network Agent installed (REJECTED)
 
NO RISK. CVE REJECTED. 04-11-2019: Further investigation has determined that this issue has no impact. While the credentials exist in affected releases there is no way to exploit this issue, and even if the issue were exploitable, there would be no impact. Refer to https://kb.juniper.net/JSA10923 for more information.
PR Number Synopsis Category: Border Gateway Protocol
1366823 Ukern memory leak and core crash in BGP environment
 
A ukern memory leak and FPC core crash might occur when the device is configured with link-node protection with labeled-bgp.
1390428 The rpd might crash continuously when IPv6 prefix with IPv4 next-hop exists in BGP multipath scenario
 
In BGP scenario with multipath enabled, if applying import/export policy of IPv6 routes with IPv4 next hop to a BGP neighbor, the rpd might crash continuously.
1391568 The rpd crash might be seen if a BGP unresolved route is withdrawn
 
If an import policy is applied to a BGP neighbor and the policy has indirect IPv4 next hop for IPv4 and IPv6 routes (IPv6 routes resolved over IPv4), when BGP unresolved route is withdrawn, rpd crash might be seen.
PR Number Synopsis Category: MX Platform SW - FRU Management
1022383 Hostname under FPC shell isn't taken effect after changing system hostname.
 
The hostname under the FPC shell does not take effect after the system hostname is changed.
PR Number Synopsis Category: OpenSSL and related subsystems
1419533 Junos OS: OpenSSL Security Advisory [26 Feb 2019]
 
The OpenSSL project has published a security advisory for a vulnerability resolved in the OpenSSL library on February 28, 2019. Refer to https://kb.juniper.net/JSA10949 for more information.
PR Number Synopsis Category: Firewall Filter
1394922 Junos OS: Firewall filter terms named "internal-1" and "internal-2" being ignored (CVE-2019-0036)
 
Junos OS: Firewall filter terms named "internal-1" and "internal-2" being ignored (CVE-2019-0036); Refer to https://kb.juniper.net/JSA10925 for more information.
PR Number Synopsis Category: mgd, ddl, odl infra issues
1406219 Junos OS: Insecure management daemon (MGD) configuration may allow local privilege escalation (CVE-2019-0061)
 
The Junos CLI communicates with MGD over an internal unix-domain socket and is granted special permission to open this protected mode socket. Due to a misconfiguration of the internal socket, a local, authenticated user may be able to exploit this vulnerability to gain administrative privileges.
PR Number Synopsis Category: Express PFE CoS Features
1320413 Interface down due to "PFE Marked Disabled" on PECHIP causing traffic loss
 
Consider the ingress FPC to be up, fully initialized and stable, and follow the flow below. The egress FPC is restarted. It comes up, performs its block driver initialization and programs the PFE states. During FPC and ASIC initialization, all global ASIC tables are initialized and paths are brought up for special-path IFDs such as RHI. After this, the FPC sends an FPC ONLINE message to the RE (chassisd). As soon as this message is sent, chassisd sends IFD ATTACH to all cards. This starts the traffic in the case of AE on the ingress card (the root problem). As soon as the ingress FPC starts traffic, a request is generated that traverses the fabric path and reaches FI, which is the first block on egress. Because IFD initialization is not complete on the egress card, this request does a lookup in a queue mapping table that, at this moment, points to an uninitialized value, causing the traffic drops. This bug affects multi-slot PTX routers; single-slot systems such as PTX1000 are not affected.
1331299 Invalid programming of interfaces during PFE initialization may lead to traffic black hole on PTX platform
 
While a PTX platform performs Packet Forwarding Engine (PFE) initialization, the PFE may not initialize the interfaces data structure properly. This causes transit traffic to be dropped when it egresses out of those interfaces. The problem is applicable only to PTX1000, PTX3000, PTX5000 and PTX10000.
PR Number Synopsis Category: Express PFE FW Features
1354580 Adding a warning when commit that the host interface may stop sending packets on PTX1K, PTX5K and PTX10K when using outbound firewall filter with syslog option
 
If an output firewall filter is configured with the "syslog" or log option, the host interface might be wedged on PTX1K, PTX5K and PTX10K. The change in this PR adds the warning but does not prevent the problem in which the host interface stops sending packets. This condition may occur if all of the conditions below are met:
  1) The packet hitting the filter term is less than 128 bytes
  2) The output firewall filter has a syslog, log or port-mirror action and an accept action
Sample configuration for V4 & V6:
  set interfaces unit family inet filter output
  set firewall family inet filter term 1 then log
  set firewall family inet filter term 1 then accept
  set interfaces unit family inet6 filter output
  set firewall family inet6 filter term 1 then log
  set firewall family inet6 filter term 1 then accept
PR Number Synopsis Category: Express PFE L3 Features
1318595 PTX1K:flabel Mem alloc failure followed by FPC core
 
Over a period of time, network events such as route flaps and MBB scenario cause the PFE heap memory to get fragmented. This change improves memory management and reduces the chance of memory fragmentation.
1409632 Indirect-next-hop pointing to unknown unilist stuck with weight 65535 may occur after a link flap
 
In the scenario where BGP multipath is enabled, there are multiple ecmp paths to indirect-next-hop, such as multiple lsp or ae, when forwarding chain is unilist_1->indirect-next-hop->unilist_2, any change in unilist_2 active member list will be absorbed by indirect-next-hop in the chain and the change will not be backpropagated to top-level unilist_1. If a link flaps it will cause indirect-next-hop pointing to unilist_2 stuck with weight 65535 and further causing traffic blackholing.
PR Number Synopsis Category: PTX Express ASIC interface
1429315 Some ports on PTX might remain down after rebooting the FPC/device at remote side
 
On PTX3000/5000 with FPC3 installed, some 100G ports might remain down after rebooting the FPC/device at remote side.
PR Number Synopsis Category: PTX Express ASIC platform
1384435 An enhancement of optimizing the report to the single-bit error check
 
Due to transient hardware conditions, single-bit error (SBE) events are corrected and have no operational impact. Reporting of those events had been disabled to prevent alarms and possibly unnecessary hardware replacements. This change applies to all Platforms using Hybrid Memory Controller (HMC).
PR Number Synopsis Category: jdhcpd daemon
1391983 Junos OS: jdhcpd crash upon receipt of crafted DHCPv6 solicit message (CVE-2019-0037)
 
Junos OS: jdhcpd crash upon receipt of crafted DHCPv6 solicit message (CVE-2019-0037); Refer to https://kb.juniper.net/JSA10926 for more information.
PR Number Synopsis Category: Security platform jweb support
1410400 Junos OS: Persistent XSS vulnerability in J-Web (CVE-2019-0047)
 
A persistent Cross-Site Scripting (XSS) vulnerability in the Junos OS J-Web interface may allow remote unauthenticated attackers to perform administrative actions on the Junos device. Successful exploitation requires a Junos administrator to first perform certain diagnostic actions on J-Web.
PR Number Synopsis Category: Multiprotocol Label Switching
1416948 RSVP Path error received on a new LSP (new path calculated by CSPF) is not treated as Optimization
 
The retry timer of a new MPLS LSP is set incorrectly if the LSP receives a PATH Error message while signaling.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1296262 Junos OS: Specially crafted packets sent to port 111 on any interface triggers responses from the management interface (CVE-2019-0040)
 
Junos OS: Specially crafted packets sent to port 111 on any interface triggers responses from the management interface (CVE-2019-0040); Refer to https://kb.juniper.net/JSA10929 for more information.
1367477 The FPC might go down on some vmhost based PTX/QFX platforms
 
On PTX1000/PTX10001-20C/PTX10002-60C/QFX10002-60C, the Flexible PIC Concentrator (FPC) might reboot which might result in the FPC not coming up or the system becoming unresponsive.
PR Number Synopsis Category: IPv6/ND/ICMPv6 issues
1443576 Junos OS: Improper handling of specific IPv6 packets sent by clients eventually kernel crash (vmcore) the device. (CVE-2020-1603)
 
Specific IPv6 packets sent by clients processed by the Routing Engine (RE) are improperly handled. Refer to https://kb.juniper.net/JSA10982 for more information.
PR Number Synopsis Category: JUNOS Network App Infrastructure (for ping, traceroute, etc)
1409847 Junos OS: Insufficient validation of environment variables in telnet client may lead to stack-based buffer overflow (CVE-2019-0053)
 
In Junos OS, insufficient validation of environment variables in telnet client may lead to a stack-based buffer overflow (CVE-2019-0053); Refer to https://kb.juniper.net/JSA10947 for more information.
PR Number Synopsis Category: RPD Interfaces related issues
1115686 RPD memory leak caused by repeated RSVP RSB (reservation state block) deletes
 
When an RSVP path is deleted (because of LSP deletion or switch-over to new path) RSB (Reservation state block) data structure has to be deleted to free up memory. When RSB deletion is performed, LSP attribute object in RSB is not deleted by RPD. This causes build up of RPD memory usage over a period of time (memory leak). Build up of RPD memory is proportional to the frequency of RSB deletes.
PR Number Synopsis Category: KRT Queue issues within RPD
1310812 The incorrect error number might be reported for syslog messages with prefix of %DAEMON-3-RPD_KRT_Q_RETRIES
 
Syslog messages with prefix of "%DAEMON-3-RPD_KRT_Q_RETRIES:" might report an incorrect error number.
PR Number Synopsis Category: MX10003/MX204 MPC defects tracking
1336575 Random JUNOS MPC7|8|9E cards failed to start after software upgrade with PFE syslog message "BIST has detected error, err code id ". Internal BIST failed
 
Random JUNOS MPC7|8|9E cards might report "BIST has detected error, err code id " and fail to initialize after a software upgrade. The software fix enhances HMC for NVM write.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1350733 lt- interface gets deleted with tunnel-services configuration still present.
 
When a tunnel interface is used as the anchor-port in pseudo-wire services, deleting the set interface config causes the tunnel-services interface to be deleted. Deleting pseudo services alone will not have an effect on tunnel-services interfaces.
PR Number Synopsis Category: Junos Automation, Commit/Op/Event and SLAX
1289313 Junos OS: Login credentials are vulnerable to brute force attacks through the REST API (CVE-2019-0039)
 
Junos OS: Login credentials are vulnerable to brute force attacks through the REST API (CVE-2019-0039); Refer to https://kb.juniper.net/JSA10928 for more information.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1368998 Junos OS: set system ports console insecure allows root password recovery on OAM volumes (CVE-2019-0035)
 
Junos OS: set system ports console insecure allows root password recovery on OAM volumes (CVE-2019-0035); Refer to https://kb.juniper.net/JSA10924 for more information.
PR Number Synopsis Category: PTX/QFX10002/8/16 specific software components
1408204 The link flaps occur when a 100g QSFP is inserted into PTX which LFM (Link-Fault Management) is configured
 
When a 100g QSFP is inserted into an FPC on PTX, all the other interfaces on that FPC and on the other FPCs might flap, because these interfaces are configured with the smaller "pdu-interval" value of LFM.
1409585 The port at FPC(e.g. JNP10K-LC1101) might fail to come up
 
On rare occasions, the port at FPC(e.g. JNP10K-LC1101) might fail to come up due to the retimer initialization failure upon the FPC reboot/OIR and a QSFP OIR.
1412318 hostname does not update at FPC shell after system configuration change on CLI
 
On the PTX platform, the hostname does not update at the FPC shell after a host name change unless the FPC is rebooted.
1420864 PF Core Voltage is not set as per the required e-fuse value and remains to default value (0.9V) on JNP10008-SF and JNP10016-SF
 
Certain JNP10008-SF and JNP10016-SF manufactured between July 2018 and March 2019 might have incorrect core voltage setting. The issue can be corrected by reprogramming the core voltage and updating the setting in nvram memory.
1421075 An interface may go to downstate on QFX10000/PTX10000 platform
 
On QFX10000/PTX10000 platform, an interface may go to downstate along with "FPC hard errors" due to Management Data Input/Output (MDIO) timeout. This is a timing issue and may be seen in some situations like FPC restart, port-speed change, link up/down, optics plug-in/plug-out.
1427883 On QFX10k/PTX10k platforms certain interfaces might go to down state
 
On QFX10k/PTX10k platforms, an explicitly configured hold time value for certain interfaces might get reset to the default value, which leads to the related ports going down.
 

17.2R1-S8 - List of Known issues fixed in later releases

PR Number Synopsis Category: Border Gateway Protocol
1399141 Junos OS: BGP packets can trigger rpd crash when BGP tracing is enabled. (CVE-2019-0019)
 
Junos OS: BGP packets can trigger rpd crash when BGP tracing is enabled. (CVE-2019-0019); Refer to https://kb.juniper.net/JSA10931 for more information.
PR Number Synopsis Category: OpenSSH and related subsystems
1208815 2019-07 Security Bulletin: Junos OS: Multiple Vulnerabilities in OpenSSH
 
Multiple vulnerabilities have been resolved in Junos OS by updating third party software included with Junos OS or by fixing vulnerabilities found during internal testing. For further information refer to JSA10940.
PR Number Synopsis Category: Device Configuration Daemon
1221993 Identical IP address can be configured on different logical interfaces from different physical interfaces in the same routing-instance (including master routing-instance)
 
The same IP address could be configured on different logical interfaces from different physical interfaces in the same routing instance (including master routing instance), but only one logical interface was assigned with the identical address after commit. There was no warning during the commit, only syslog messages indicating incorrect configuration.
PR Number Synopsis Category: EA chips SW
1285315 The enhancement of reporting total SBE errors when the corrected singlebit errors threshold of 32 is exceeded for MPC7E/MPC8E/MPC9E
 
For MPC7E/MPC8E/MPC9E on MX platform, there is an enhancement to increase the threshold of corrected single-bit error from 32 to 1024 and change the alarm severity from Major to Minor for those error messages. There is no operational impact upon corrected single bit errors.
PR Number Synopsis Category: EVPN Layer-2 Forwarding
1395071 The arp request might be dropped when "chained-composite-next-hop ingress no-evpn" is configured in EVPN scenario
 
In EVPN, arp-suppression is not working when "chained-composite-next-hop ingress no-evpn" is enabled.
PR Number Synopsis Category: jdhcpd daemon
1333381 2019-04 Security Bulletin: Junos OS: jdhcpd daemon memory consumption Denial of Service when receiving specific IPv6 DHCP packets. (CVE-2019-0031)
 
Specific IPv6 DHCP packets received by the jdhcpd daemon will cause a memory resource consumption issue to occur on a Junos OS device using the jdhcpd daemon configured to respond to IPv6 requests. Refer to JSA10920 for more information.
PR Number Synopsis Category: Security platform jweb support
1345330 Junos OS: J-Web Denial of Service due to multiple vulnerabilities in Embedthis Appweb Server
 
Junos OS J-Web Denial of Service due to multiple vulnerabilities in Embedthis Appweb Server; Refer to https://kb.juniper.net/JSA10948 for more information.
PR Number Synopsis Category: Multiprotocol Label Switching
1282369 The rpd on backup RE might crash when the rpd on master RE restarts
 
With nonstop active routing (NSR), when the routing protocol process (rpd) restarts on the master Routing Engine, the rpd on the backup Routing Engine might restart.
PR Number Synopsis Category: Path computation client daemon
1395205 Junos OS: Upon receipt of certain types of malformed PCEP packets the pccd process may crash. [CVE-2020-1601]
 
Certain types of malformed Path Computation Element Protocol (PCEP) packets when received and processed by a Juniper Networks Junos OS device serving as a Path Computation Element (PCE) in a PCEP environment using Juniper's path computational element protocol daemon (pccd) process allows an attacker to cause the pccd process to crash and generate a core file thereby causing a Denial of Service (DoS). Refer to https://kb.juniper.net/JSA10980 for more information.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1369365 Inter-VN and Intra-VN traffic between PEs is suspected to be affected when LT interface is used with the family bridge in service provider or enterprise style configuration
 
Inter-VN and Intra-VN traffic between PEs is suspected to be affected ONLY when LT interface is used with the family bridge in service provider or enterprise style configuration.
PR Number Synopsis Category: PTX/QFX10002/8/16 specific software components
1420864 PF Core Voltage is not set as per the required e-fuse value and remains to default value (0.9V) on JNP10008-SF and JNP10016-SF
 
Certain JNP10008-SF and JNP10016-SF manufactured between July 2018 and March 2019 might have incorrect core voltage setting. The issue can be corrected by reprogramming the core voltage and updating the setting in nvram memory.
PR Number Synopsis Category: Virtual Private Networks - rpd
1356763 Junos OS: The routing protocol process (rpd) may crash and generate core files upon receipt of specific valid BGP states from a peered host. (CVE-2019-0059)
 
A memory leak vulnerability in the of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending specific commands from a peered BGP host and having those BGP states delivered to the vulnerable device.
PR Number Synopsis Category: VSRX platform software
1290331 Junos OS: vSRX, SRX1500, SRX4K, ACX5K, EX4600, QFX5100, QFX5110, QFX5200, QFX10K and NFX Series: console management port device authentication credentials are logged in clear text (CVE-2019-0069)
 
On vSRX, SRX1500, SRX4K, ACX5K, EX4600, QFX5100, QFX5110, QFX5200, QFX10K and NFX Series, when the user uses console management port to authenticate, the credentials used during device authentication are written to a log file in clear text. Refer to https://kb.juniper.net/JSA10969 for more information.
Modification History:
Updated on 2020-03-03 for the replacement of 17.2R1-S8.9 with 17.2R1-S8.10
First publication 2019-04-25