Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

17.1R2-S11: Software Release Notification for JUNOS Software Version 17.1R2-S11

0

0

Article ID: TSB17714 TECHNICAL_BULLETINS Last Updated: 31 Jan 2020Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
MX, PTX, VMX, VRR, QFX5K/10K, EX, ACX
Alert Description:
Junos Software Service Release version 17.1R2-S11 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 17.1R2-S11 is now available.

17.1R2-S11 - List of Fixed issues

PR Number Synopsis Category: Firewall Filter
1473093 Traffic might not be forwarded into the right queue but the default queue when VPLS traffic has three or more VLAN tags with VLAN priority 5
 
On the MX platform with MPC line card (except DPC line card) used, if an input firewall filter is configured at the ingress VPLS interface, the packet with a VLAN priority of 5 with three or more VLAN tags might be forwarded into the wrong queue. When this occurs, it might cause traffic loss due to congestion as all traffic is forwarded into the default queue.
PR Number Synopsis Category: Ethernet OAM (LFM)
1443353 The cfmd process might crash after a restart on Junos 17.1R1 and above
 
On MX platforms running Junos 17.1R1 and above, when enhanced-ip mode and CFM centralized mode ("no-aggregate-delegate-processing" konb is configured for CFM) are used , after a cfmd restart (e.g. device cold start/restart, RE switchover), the cfmd process might crash and could not run anymore.
PR Number Synopsis Category: jdhcpd daemon
1449353 Junos OS and Junos OS Evolved: Multiple vulnerabilities in JDHCPD allow for OS command injection and code execution of JDHCPD
 
A device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process configured relay mode is vulnerable to multiple vulnerabilities which allow an attacker to send crafted packets who may arbitrarily execute commands as root on the target device, or who may take over the code execution of the JDHDCP process. Refer to https://kb.juniper.net/JSA10981 for more information.
PR Number Synopsis Category: Security platform jweb support
1434553 Junos OS: Cross-Site Scripting (XSS) in J-Web
 
Insufficient Cross-Site Scripting (XSS) protection in J-Web may potentially allow a remote attacker to inject web script or HTML, hijack the target user's J-Web session and perform administrative actions on the Junos device as the targeted user. Please refer to https://kb.juniper.net/JSA10986 for more details.
PR Number Synopsis Category: Multiprotocol Label Switching
1402185 JSA10979 Junos OS: A specific SNMP command can trigger a high CPU usage Denial of Service in the RPD daemon. (CVE-2020-1600)
 
In a Point-to-Multipoint (P2MP) Label Switched Path (LSP) scenario, an uncontrolled resource consumption vulnerability in the Routing Protocol Daemon (RPD) in Juniper Networks Junos OS allows a specific SNMP request to trigger an infinite loop causing a high CPU usage Denial of Service (DoS) condition. Refer to https://kb.juniper.net/JSA10979 for more information.
PR Number Synopsis Category: IPv6/ND/ICMPv6 issues
1443576 Junos OS: Improper handling of specific IPv6 packets sent by clients eventually kernel crash (vmcore) the device. (CVE-2020-1603)
 
Specific IPv6 packets sent by clients processed by the Routing Engine (RE) are improperly handled. Refer to https://kb.juniper.net/JSA10982 for more information.
PR Number Synopsis Category: Path computation client daemon
1395205 Junos OS: Upon receipt of certain types of malformed PCEP packets the pccd process may crash. [CVE-2020-1601]
 
Certain types of malformed Path Computation Element Protocol (PCEP) packets when received and processed by a Juniper Networks Junos OS device serving as a Path Computation Element (PCE) in a PCEP environment using Juniper's path computational element protocol daemon (pccd) process allows an attacker to cause the pccd process to crash and generate a core file thereby causing a Denial of Service (DoS). Refer to https://kb.juniper.net/JSA10980 for more information.
PR Number Synopsis Category: Resource Reservation Protocol
1368177 RPD might restart after an MPLS LSP flap if "no-cspf" and "fast-reroute" are configured in an LSR ingress router.
 
RPD may restart unexpectedly after an MPLS LSP flap when "no-cspf" and "fast-reroute" are configured in LSR ingress router
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search