Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

18.2R2-S7: Software Release Notification for JUNOS Software Version 18.2R2-S7

0

0

Article ID: TSB17787 TECHNICAL_BULLETINS Last Updated: 16 May 2020Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX5100, QFX10002, NFX, SRX, VMX, VRR, NA
Alert Description:
Junos Software Service Release version 18.2R2-S7 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 18.2R2-S7 is now available.

18.2R2-S7 - List of Fixed issues

PR Number Synopsis Category: EX2300/3400 platform
1477165 EX3400 me0 interface might remain down
Product-Group=junos
The me0 interface of EX3400 does not come up when connected to 100m speed interface.
PR Number Synopsis Category: MX Layer 2 Forwarding Module
1451959 Junos OS: MX Series: Crafted packets traversing a Broadband Network Gateway (BNG) configured with IPv6 NDP proxy could lead to Denial of Service (CVE-2020-1633)
Product-Group=junos
Due to a new NDP proxy feature for EVPN leaf nodes introduced in Junos OS 17.4, crafted NDPv6 packets could transit a Junos device configured as a Broadband Network Gateway (BNG) and reach the EVPN leaf node, causing a stale MAC address entry. This could cause legitimate traffic to be discarded, leading to a Denial of Service (DoS) condition. Refer to https://kb.juniper.net/JSA11012 for more information.
PR Number Synopsis Category: BBE network stack related issues
1432957 Junos OS: MX Series: In BBE configurations, receipt of a specific MPLS or IPv6 packet causes a Denial of Service
Product-Group=junos
Receipt of a specific MPLS or IPv6 packet on the core facing interface of an MX Series device configured for Broadband Edge (BBE) service may trigger a kernel crash (vmcore), causing the device to reboot. Please refer to https://kb.juniper.net/JSA10987 for more details.
PR Number Synopsis Category: Border Gateway Protocol
1461602 The rpd scheduler slips might be seen on RPKI route validation enabled BGP peering router in a scaled setup
Product-Group=junos
In scaled BGP environment (e.g. global table ~3M routes or more) when there are a lot of (e.g 10k or more) more specific routes for a certain IPv4 or IPv6 prefix covered by some RV (route validation) record, a change in RV records database might lead to rpd (routing protocol daemon) scheduler slips, which could trigger routing protocol adjacency flap. The same could be triggered by executing "clear validation database" command or shortly after initial session RPKI (resource public key infrastructure) establishment event.
1487691 High CPU utilization might be observed when the outgoing BGP updates are sending slowly
Product-Group=junos
On all Junos platforms with the BGP routing protocols, the rpd process might go into a high CPU utilization causing slow network convergence. If a BGP peer is receiving and processing BGP updates slowly, this may cause the BGP output queue of the sending BGP peer to be full. When the queue is full it causes high CPU utilization of the BGP IO thread (bgpio, it is part of the rpd daemon) on the sending BGP peer. This defect could cause network-wide slow BGP network convergence. (See also https://kb.juniper.net/TSB17725)
PR Number Synopsis Category: SRX1500 platform software
1485224 "show chassis temperature-thresholds" comes with many FPC 0 output.
Product-Group=junos
On SRX1500, "show chassis temperature-thresholds" comes with many FPC 0 output. This is the display issue and users can ignore the output.
PR Number Synopsis Category: Libjtask for RPD tasks, scheduler, timers, memory, and slip
1429719 Junos OS: A race condition vulnerability may cause RPD daemon to crash when processing a BGP NOTIFICATION message. (CVE-2020-1629)
Product-Group=junos
A race condition vulnerability on Juniper Network Junos OS devices may cause the routing protocol daemon (RPD) process to crash and restart while processing a BGP NOTIFICATION message. Refer to https://kb.juniper.net/JSA11009 for more information.
PR Number Synopsis Category: Integrated Routing & Bridging (IRB) module
1484721 ARP entry may not be created in the EVPN-MPLS environment
Product-Group=junos
In the EVPN-MPLS environment, if a VLAN is created without having it in "protocols evpn extended-vlan-list", then adding it, the ARP entry may not be created on the device even it receives the ARP packets through the newly added VLAN.
PR Number Synopsis Category: jdhcpd daemon
1431201 The jdhcpd_era log files constantly consume 121M of space out of 170M, resulting into file system full and traffic impact
Product-Group=junos
On EX platforms with service dhcp enabled, the jdhcpd_era log files constantly consume 121M of space out of 170M, resulting into file system full and traffic impact. Memory usage of /var/log/ will reach 100%.
PR Number Synopsis Category: Adresses ALG issues found in JSF
1483834 FTPS traffic might get dropped on SRX Series or MX Series platforms if FTP ALG is used
Product-Group=junos
On SRX Series or MX Series platforms with FTP ALG enabled, if there are more than one FTPS connection between a pair of FTP client and server, the closure of one connection might cause other connections between that pair of FTP client and server to be affected, hence there might be traffic impact. It is a rare timing issue.
PR Number Synopsis Category: Firewall Authentication
1475435 SRX Series: Unified Access Control (UAC) bypass vulnerability (CVE-2020-1637)
Product-Group=junos
A vulnerability in Juniper Networks SRX Series device configured as a Junos OS Enforcer device may allow a user to access network resources that are not permitted by a UAC policy; Refer to https://kb.juniper.net/JSA11018 for more information.
PR Number Synopsis Category: Security platform jweb support
1499280 Junos OS: Security vulnerability in J-Web and web based (HTTP/HTTPS) services
Product-Group=junos
Junos OS: Security vulnerability in J-Web and web based (HTTP/HTTPS) services (CVE-2020-1631). Refer to https://kb.juniper.net/JSA11021 for more information.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1454950 EX switches might not come up properly upon reboot
Product-Group=junos
EX switches might not come up properly upon reboot due to the date not been set up.
1469400 EX3400 might reboot because of lack of watchdog patting
Product-Group=junos
On EX3400, if watchdog pat did not happen within stipulated time and it might reboot automatically with "0x2:watchdog" as reboot reason.
PR Number Synopsis Category: IPv6/ND/ICMPv6 issues
1443576 Junos OS: Improper handling of specific IPv6 packets sent by clients eventually kernel crash (vmcore) the device. (CVE-2020-1603)
Product-Group=junos
Specific IPv6 packets sent by clients processed by the Routing Engine (RE) are improperly handled. Refer to https://kb.juniper.net/JSA10982 for more information.
PR Number Synopsis Category: vMX Platform Infrastructure related issue tracking
1344858 Junos OS: vMX: Default credentials supplied in configuration (CVE-2020-1615)
Product-Group=junos
The factory configuration for vMX installations, as shipped, includes default credentials for the root account. Without proper modification of these default credentials by the administrator, an attacker could exploit these credentials and access the vMX instance without authorization. Refer to https://kb.juniper.net/JSA10998 for more information.
PR Number Synopsis Category: VMHOST platforms software
1398331 Junos OS: QFX10K Series, EX9200 Series, ACX Series, MX Series, PTX Series: Privilege escalation vulnerability in NG-RE. (CVE-2020-1619)
Product-Group=junos
A privilege escalation vulnerability in Juniper Networks QFX10K Series, EX9200 Series, ACX Series, MX Series, and PTX Series with Next-Generation Routing Engine (NG-RE), allows a local authenticated high privileged user to access the underlying WRL host. Refer to https://kb.juniper.net/JSA11002 for more information.
 

18.2R2-S7 - List of Known issues

PR Number Synopsis Category: EX2300/3400 PFE
1462155 The fxpc crashes due to PFEMAN_RT thread and BCM linkscan thread get into a deadlock
Product-Group=junos
In certain conditions, PFEMAN_RT thread and BCM linkscan thread get into a deadlock causing watchdog timeout.
1462155 The fxpc crashes due to PFEMAN_RT thread and BCM linkscan thread get into a deadlock
Product-Group=junosvae
In certain conditions, PFEMAN_RT thread and BCM linkscan thread get into a deadlock causing watchdog timeout.
PR Number Synopsis Category: EX-Series VC Datapath
1426741 Junos OS: EX4300: Traffic from the network internal to the device (128.0.0.0) may be forwarded to egress interfaces (CVE-2020-1628)
Product-Group=junos
Junos OS uses the 128.0.0.0/2 subnet for internal communications between the RE and PFEs. It was discovered that packets utilizing these IP addresses may egress an EX4300 switch, leaking configuration information such as heartbeats, kernel versions, etc. out to the Internet, leading to an information exposure vulnerability. Refer to https://kb.juniper.net/JSA11008 for more information.
PR Number Synopsis Category: PRs related to channelized E1/T1 mic
1442820 JDI MMX REGRESSIONS: ALTIUS:T1 mode interfaces link protocol is not coming up with cisco-hdlc encapsulation
Product-Group=junos
mode interfaces link protocol is not coming up with cisco-hdlc encapsulation
PR Number Synopsis Category: Flow Module
1465944 Junos OS: High-End SRX Series: Multicast traffic might cause all FPCs to reset. (CVE-2020-1634)
Product-Group=junos
On High-End SRX Series devices, in specific configurations and when specific networking events or operator actions occur, an SPC receiving genuine multicast traffic may core. Refer to https://kb.juniper.net/JSA11014 for more information.
 
Modification History:
First publication 2020-05-16
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search