17.3R2-S5: Software Release Notification for JUNOS Software Version 17.3R2-S5

Article ID: TSB17730 TECHNICAL_BULLETINS Last Updated: 24 Feb 2020 Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, PTX, MX, QFX, NFX, vMX, vRR
Alert Description:
Junos Software Service Release version 17.3R2-S5 is now available for download from the Junos software download site.
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as needed and follow the prompts
Solution:

Junos Software Service Release version 17.3R2-S5 is now available.

17.3R2-S5 - List of Open issues

PR Number Synopsis Category: QFX Access control list
1026708 EX4300/EX4600/QFX3500/QFX5100 Series: Stateless IP firewall filter may fail to evaluate certain packets (CVE-2020-1604)
 
On EX4300, EX4600, QFX3500, and QFX5100 Series, a vulnerability in the IP firewall filter component may cause the firewall filter evaluation of certain packets to fail. Refer to https://kb.juniper.net/JSA10983 for more information.
1458027 Junos OS: EX4300/EX4600/QFX3500/QFX5100 Series: Stateless IP firewall filter may fail to evaluate certain packets (CVE-2020-1604)
 
On EX4300, EX4600, QFX3500, and QFX5100 Series, a vulnerability in the IP firewall filter component may cause the firewall filter evaluation of certain packets to fail. Refer to https://kb.juniper.net/JSA10983 for more information.
PR Number Synopsis Category: Border Gateway Protocol
1367147 Flowspec firewall may not be installed correctly after upgrade
 
Flowspec firewall may not be installed correctly after a software upgrade to Junos software with the fix for PR1323474.
PR Number Synopsis Category: jdhcpd daemon
1449353 Junos OS and Junos OS Evolved: Multiple vulnerabilities in JDHCPD allow for OS command injection and code execution of JDHCPD
 
A device using Juniper Networks' Dynamic Host Configuration Protocol Daemon (JDHCPD) process configured in relay mode is vulnerable to multiple vulnerabilities that allow an attacker to send crafted packets and arbitrarily execute commands as root on the target device, or take over the code execution of the JDHCPD process. Refer to https://kb.juniper.net/JSA10981 for more information.
PR Number Synopsis Category: Multiprotocol Label Switching
1282369 The rpd on backup RE might crash when the rpd on master RE restarts
 
With nonstop active routing (NSR), when the routing protocol process (rpd) restarts on the master Routing Engine, the rpd on the backup Routing Engine might restart.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1412457 Ethernet MAC addresses may not be learned after performing the "clear bridge mac table" command
 
An LU-based MPC may not learn Ethernet MAC addresses after the "clear bridge mac table" command is issued. Examples of LU-based MPCs are the MPC2/3/4 and MPC-3D-16XGE.

17.3R2-S5 - List of Fixed issues

PR Number Synopsis Category: EX4300 PFE
1343402 JSA10983 Junos OS: EX4300/EX4600/QFX3500/QFX5100 Series: Stateless IP firewall filter may fail to evaluate certain packets (CVE-2020-1604)
 
On EX4300, EX4600, QFX3500, and QFX5100 Series, a vulnerability in the IP firewall filter component may cause the firewall filter evaluation of certain packets to fail. Refer to https://kb.juniper.net/JSA10983 for more information.
PR Number Synopsis Category: BBE network stack related issues
1432957 Junos OS: MX Series: In BBE configurations, receipt of a specific MPLS or IPv6 packet causes a Denial of Service
 
Receipt of a specific MPLS or IPv6 packet on the core facing interface of an MX Series device configured for Broadband Edge (BBE) service may trigger a kernel crash (vmcore), causing the device to reboot. Please refer to https://kb.juniper.net/JSA10987 for more details.
PR Number Synopsis Category: Express PFE CoS Features
1347805 QFX10000 platforms might encounter a chassis alarm indicating "FPC 0 Major Errors - PE Error code: 0x2100ba".
 
QFX10000 platforms may encounter a chassis alarm indicating "FPC 0 Major Errors - PE Error code: 0x2100ba". This error is incorrectly categorized as 'Major' and it can be safely ignored unless it is encountered with high frequency. Future Junos releases will recategorize this message to "Info" severity.
1450265 CoS classification does not work on QFX10K
 
On QFX10K platforms, in a scaled scenario with more than 500 AE IFLs, if the classifier configuration churns frequently or a link flaps, CoS classification will not work on the impacted interfaces.
PR Number Synopsis Category: Security platform jweb support
1431298 Junos OS: Path traversal vulnerability in J-Web
 
A path traversal vulnerability in the Juniper Networks Junos OS device may allow an authenticated J-web user to read files with 'world' readable permission and delete files with 'world' writeable permission. Refer to https://kb.juniper.net/JSA10985 for more information.
1434553 Junos OS: Cross-Site Scripting (XSS) in J-Web
 
Insufficient Cross-Site Scripting (XSS) protection in J-Web may potentially allow a remote attacker to inject web script or HTML, hijack the target user's J-Web session and perform administrative actions on the Junos device as the targeted user. Please refer to https://kb.juniper.net/JSA10986 for more details.
PR Number Synopsis Category: Multiprotocol Label Switching
1402185 JSA10979 Junos OS: A specific SNMP command can trigger a high CPU usage Denial of Service in the RPD daemon. (CVE-2020-1600)
 
In a Point-to-Multipoint (P2MP) Label Switched Path (LSP) scenario, an uncontrolled resource consumption vulnerability in the Routing Protocol Daemon (RPD) in Juniper Networks Junos OS allows a specific SNMP request to trigger an infinite loop causing a high CPU usage Denial of Service (DoS) condition. Refer to https://kb.juniper.net/JSA10979 for more information.
PR Number Synopsis Category: IPv6/ND/ICMPv6 issues
1443576 Junos OS: Improper handling of specific IPv6 packets sent by clients eventually kernel crash (vmcore) the device. (CVE-2020-1603)
 
Specific IPv6 packets sent by clients processed by the Routing Engine (RE) are improperly handled. Refer to https://kb.juniper.net/JSA10982 for more information.
PR Number Synopsis Category: Kernel socket data replication
1472519 The kernel may crash and vmcore may be observed after configuration change is committed
 
On all Junos platforms, after a configuration change is committed (e.g. removal of protocols like mpls, isis, ldp from the interfaces), the kernel may crash and a vmcore may be observed. This issue may also cause protocol adjacency failure.
PR Number Synopsis Category: Path computation client daemon
1395205 Junos OS: Upon receipt of certain types of malformed PCEP packets the pccd process may crash. [CVE-2020-1601]
 
Certain types of malformed Path Computation Element Protocol (PCEP) packets, when received and processed by a Juniper Networks Junos OS device serving as a Path Computation Element (PCE) in a PCEP environment using Juniper's path computational element protocol daemon (pccd) process, allow an attacker to cause the pccd process to crash and generate a core file, thereby causing a Denial of Service (DoS). Refer to https://kb.juniper.net/JSA10980 for more information.
PR Number Synopsis Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous)
1354582 The alarm errors might be seen during the bootup on QFX10000
 
On QFX10000 Series switches, you may see an "FPC Major Errors - PE Error code: 0x2104be" alarm if the FPC has an interface that is not up. The alarm will clear later on.
PR Number Synopsis Category: QFX VC Infrastructure
1414492 VC Ports using DAC may not establish link on QFX5200
 
On QFX5200, when virtual-chassis is configured, if the QSFP configured as VCP is removed and then inserted, VC Ports using direct attach copper (DAC) may not establish link.
PR Number Synopsis Category: VMHOST platforms software
1398333 Junos OS: NFX150 Series, QFX10K Series, EX9200 Series, MX Series, PTX Series: Path traversal vulnerability in NFX150 and NG-RE leads to information disclosure (CVE-2019-0074)
 
A path traversal vulnerability in NFX150 Series and QFX10K Series, EX9200 Series, MX Series, and PTX Series devices with Next-Generation Routing Engine (NG-RE) allows a local authenticated user to read sensitive system files. Please refer to https://kb.juniper.net/JSA10975 for more information.
Modification History:
First publication date 2020-02-24