Knowledge Search


×
 

17.2R3-S1: Software Release Notification for Junos Software Service Release version 17.2R3-S1

  [TSB17567] Show Article Properties


Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, VMX, VRR, Network Agent
Alert Description:
Junos Software Service Release version is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 17.2R3-S1 is now available.

The following are incremental changes in 17.2R3-S1.

 
PR Number Synopsis Description
1022383

Hostname under FPC shell isn't taken effect after changing system hostname.

Hostname under FPC shell isn't taken effect after changing system hostname.

1285198

SNMP process is not running on QFX Series switches with incorrect source addresses.

QFX3500: The SNMP daemon is not running on Junos OS devices with incorrect source addresses.

1289313

Junos OS: Login credentials are vulnerable to brute force attacks through the REST API (CVE-2019-0039)

Junos OS: Login credentials are vulnerable to brute force attacks through the REST API (CVE-2019-0039); Refer to https://kb.juniper.net/JSA10928 for more information.

1327099

GRE interface might not come up after deactivate/activating the routing-instances

GRE interface might not come up after deactivating/activating the routing-instances or related changes that might result in route table change.

1331299

Invalid programming of interfaces during PFE initialization may lead to traffic black hole on PTX platform

While a PTX platform performs Packet Forwarding Engine (PFE) initialization, the PFE may not initialize interfaces data structure properly. This causes transit traffic drop while traffic egressing out of those interfaces. The problem is applicable only to PTX1000, PTX3000, PTX5000 and PTX10000.

1345085

After ISSU upgrade this continuous error message is seen: ms50 mspmand[229]: SA handle not installed

SA handle not installed message can be seen during issu upgrade.

1362324

JDI-RCT:M/Mx: Traffic loss of 1% is seen during GRES phase of ISSU from 17.3-20180527.0 to17.3-20180527.0

JDI-RCT:M/Mx: Traffic loss of 1% is seen during GRES phase of ISSU from 17.3-20180527.0 to17.3-20180527.0

1366218

SFP-T might not work on QFX5100/QFX5110 devices

In a mixed mode Virtual Chassis of QFX5100 and QFX5110 or standalone switch with QFX5e series switch Junos version, interfaces based on SFP-T on the device will not transition to up state.

1366823

Ukern memory leak and core crash in BGP environment

Ukern memory leak and fpc core crash might be happened when device configured link-node protection with labeled-bgp.

1367477

The FPC might go down on some vmhost based PTX/QFX platforms

On PTX1000/PTX10001-20C/PTX10002-60C/QFX10002-60C, the Flexible PIC Concentrator (FPC) might reboot which might result in the FPC not coming up or the system becoming unresponsive.

1368998

Junos OS:set system ports console insecure allows root password recovery on OAM volumes (CVE-2019-0035)

Junos OS: set system ports console insecure allows root password recovery on OAM volumes (CVE-2019-0035); Refer to https://kb.juniper.net/JSA10924 for more information.

1376504

On EX4300-48MP, syslog error "Error in bcm_port_sample_rate_set(ifl_cmd) : Reason Invalid port" is seen.

On EX4300-48MP, while running regression scripts, got syslog error "On EX4300-48MP, while running regression scripts, got"

1380294

There is an inconsistency in applying scheduler map with excess-rate on the physical interface and AE interface

On QFX5100/QFX5110/QFX5120/QFX5200/QFX5210 Series platforms, there is an inconsistency when applying a scheduler map with excess-rate on the physical interface and aggregated ethernet (AE) interface. The excess-rate is not supported on the physical interface, but it could be committed successfully on the AE interface containing that physical interface with the same excess-rate parameter.

1381545

The 40G-SR4 transceiver might not be recognized after upgrading to qfx5100e OS

On the QFX5100 platform, after upgrading from a 'qfx5100' OS to a 'qfx5100e' OS via CLI (not via USB media), the 40G-SR4 transceiver might not be recognized, resulting in the invalidation. The chassis must be power cycle off/on to recover.

1390428

The rpd might crash continuously when IPv6 prefix with IPv4 next-hop exists in BGP multipath scenario

In BGP scenario with multipath enabled, if applying import/export policy of IPv6 routes with a IPv4 next-hop to a BGP neighbor, the rpd might crash continuously.

1391568

The rpd crash might be seen if a BGP unresolved route is withdrawn

If an import policy is applied to a BGP neighbor and the policy has indirect IPv4 next-hop for IPv4 and IPv6 routes (IPv6 routes resolved over IPv4), when BGP unresolved route is withdrawn, rpd crash might be seen.

1391983

Junos OS: jdhcpd crash upon receipt of crafted DHCPv6 solicit message (CVE-2019-0037)

Junos OS: jdhcpd crash upon receipt of crafted DHCPv6 solicit message (CVE-2019-0037); Refer to https://kb.juniper.net/JSA10926 for more information.

1392704

The ppmd on RE may run with high CPU utilization after RE switchover

In the rare case, ppmd on RE might stay high cpu usage after RE master switch event. There will be no impact on this problem.

1393628

10G copper link flapping might happen during TISSU operation of QFX5100-48T switches

On QFX5100-48T switches, when doing TISSU (Topology Independent In-Service Software Upgrade) operation, link flaps on 10G copper interfaces might be observed on the peer device. These flaps might cause unexpected failover of the connected PC/servers, which results in service impact.

1394922

Junos OS: Firewall filter terms named "internal-1" and "internal-2" being ignored (CVE-2019-0036)

Junos OS: Firewall filter terms named "internal-1" and "internal-2" being ignored (CVE-2019-0036); Refer to https://kb.juniper.net/JSA10925 for more information.

1394927

WITHDRAWN: Junos OS: gRPC hardcoded credentials may allow unauthorized access to systems with Junos Network Agent installed (REJECTED)

NO RISK. CVE REJECTED. 04-11-2019: Further investigation has determined that this issue has no impact. While the credentials exist in affected releases there is no way to exploit this issue, and even if the issue were exploitable, there would be no impact. Refer to https://kb.juniper.net/JSA10923 for more information.

1396470

The subscriber bindings might not be successful on QFX/EX platforms

On QFX/EX platforms, when bringing up clients (most likely in DHCP/PPP subscriber scenario), the subscribers might fail to bind. The reason is that when installing new software images, it might cause shared memory (created by previously running image) not to be cleared out. The issue will persist until the previous values in shared memory are removed and the daemons affected by the data in shared memory may continue core/crash and thus they will not be able to function properly.

1398128

On QFX5100/EX4600 platforms, PR1398128 changed not to display the 3rd temp sensor for Power Supply units in the output by "show chassis environment pem" but need to revert the fix.

On QFX5100/EX4600 platforms, PR1398128 changed not to display the 3rd temp sensor for Power Supply units in the output by "show chassis environment pem" but need to revert the fix.

1399141

Junos OS: BGP packets can trigger rpd crash when BGP tracing is enabled. (CVE-2019-0019)

Junos OS: BGP packets can trigger rpd crash when BGP tracing is enabled. (CVE-2019-0019); Refer to https://kb.juniper.net/JSA10931 for more information.

1400716

Only one PFE could be disabled on FPC with multiple PFEs in error/wedge condition

On MX, PTX and QFX platforms with Chassis Manager (CM) error reporting, if Flexible PIC Concentrator (FPC) has multiple Packet Forwarding Engines (PFEs) in which one of PFEs goes into wedge condition, due to this issue, the wedge condition might be reported continuously even after disable_pfe action has been taken for the corresponding PFE. Due to this issue, when CMERROR message queue is saturated and the level report-limit is reached (e.g. 10 major errors), the wedge condition on the other PFE within the same FPC will be ignored and not be able to trigger disable_pfe action any more. This issue might cause some traffic being blackholed.

1402140

The rpd might be stuck at 100% when auto-export and BGP add-path are configured

On all Junos platforms, when auto-export is configured in two Virtual Private Network (VPN) Routing and Forwarding (VRF) instances, the routes get exported from/to each other, in this case, if add-path is also configured in Border Gateway Protocol (BGP) protocol (even in an unrelated peer group), the rpd process might be stuck at 100% CPU utilization due to the infinite loop of route flashing in VRFs.

1404351

The rpd crash due to memory corruption in EVPN

In Ethernet VPN (EVPN) active/active multi-homing scenario with MPLS encapsulation, toggling of multi-homed interface might cause memory corruption leading to rpd crash.

1404756

12th and 13th SFP-T ports on the NFX250 device are going down with the 18.4R1.3 image installation

On an NFX250, an SFP-T interface will not become active (UP) when it is plugged into either a ge-12/0/0 or a ge-13/0/0 interface.

1405168

Traffic drop is seen on EX4300 when 10G Fiber port is using 1 Gigabit Ethernet SFP optics with Auto-Negotiation enabled

Traffic drop is seen on EX4300 when 10G Fiber port is using 1 Gigabit Ethernet SFP optics with Auto-Negotiation enabled. Auto-Negotiation is enabled by default on these ports. This issue is applicable to EX4300 platforms using 10G Fiber ports supporting 1G optics in any of the applicable PIC ( PIC0 last 4 ports and PIC2 of EX4300-32F and PIC2 of EX4300-24/48 T/P ). Traffic will not egress out of these ports and the peer will not receive the traffic.

1405495

DHCP Not working for some clients in dual AD fusion setup on EP ports.

DHCP Not working for some clients in dual AD fusion setup on EP ports. When the SD is not reachable to the peer AD sdpd sends color 0 for color type MCAE and kernel is sending 0 to AD PFE. kernel has to convert this color to 0xFF before sending it to AD PFE.

1408817

Traffic drop occurs when deleting MPLS family or disabling interface which has non-default EXP rewrite-rules

The non-VPN packets might be dropped when deleting family MPLS or disabling interface which has non-default EXP rewrite-rules. This is due to a cos-rewrite mask programming issue in Packet Forwarding Engine (PFE).

1412318

hostname does not update at FPC shell after system configuration change on CLI

On PTX platform, hostname does not update at FPC shell after host name change unless FPC reboot.

1420082

Commit error will be seen but the commit is processed if adding more than o

On EX, MX and T platforms, if "automatic-site-id is configured in BGP signalled VPLS scenario, when adding more than one site under "protocols vpls" in the VPLS routing-instances, the wrong configuration commit will be processed.

1422958

QFX5100-48T 10G interface might be auto-negotiated at 1G speed instead of 10G

QFX5100-48T 10G interface might be auto-negotiated at 1G speed instead of 10G after peer device reboot. This issue will cause link down and impact customer service.

Modification History:
First publication 2019-05-10
Related Links: