Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

17.2R3-S4: Software Release Notification for JUNOS Software Version 17.2R3-S4



Article ID: TSB17803 TECHNICAL_BULLETINS Last Updated: 16 Jun 2020Version: 2.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, VMX, VRR, Network Agent
Alert Description:
Junos Software Service Release version 17.2R3-S4 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts

Junos Software service Release version 17.2R3-S4 is now available.

NOTE: 17.2R3-S4 is the LAST Service Release of JUNOS software version 17.2 which reaches End-of-Engineering on 2020-06-06

17.2R3-S4 - List of Fixed issues
PR Number Synopsis Category: Border Gateway Protocol
1487691 High CPU utilization might be observed when the outgoing BGP updates are sending slowly
On all Junos platforms with the BGP routing protocols, the rpd process might go into a high CPU utilization causing slow network convergence. If a BGP peer is receiving and processing BGP updates slowly, this may cause the BGP output queue of the sending BGP peer to be full. When the queue is full it causes high CPU utilization of the BGP IO thread (bgpio, it is part of the rpd daemon) on the sending BGP peer. This defect could cause network-wide slow BGP network convergence. (See also
PR Number Synopsis Category: Security platform jweb support
1499280 Junos OS: Security vulnerability in J-Web and web based (HTTP/HTTPS) services
Junos OS: Security vulnerability in J-Web and web based (HTTP/HTTPS) services (CVE-2020-1631). Refer to for more information.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1146891 The knob of "set system ports console log-out-on-disconnect" may not work
"set system ports console log-out-on-disconnect" does not work.
PR Number Synopsis Category: "ifstate" infrastructure
1486161 Kernel core might be seen if deleting an ifstate
On all Junos platforms, some operations such as configuration change may cause state information to change and eventually cause the ifstate to be deleted. In a very rare case, deleting an ifstate (kernel state) might cause kernel core and RE (Routing Engine) restart. There is no specific trigger, this issue is reported by the configuration change.
PR Number Synopsis Category: QFX PFE Class of Services
1472771 DSCP marking might not work as expected if the fixed classifiers are applied to interfaces on QFX5000/EX4600 platforms
On QFX5000/EX4600 platforms, if the interfaces are configured with the fixed classifiers, when some specific configuration changes are committed, for example, the same forwarding-class is applied to two different interfaces at the same time, and then the forwarding-class for one of the interfaces is changed and committed to a different value, the Differentiated Services code point (DSCP) marking might not be able to work as expected since both physical interfaces are still having the same forwarding-class mapped in the hardware table due to this issue.

17.2R3-S4 - List of Known issues
PR Number Synopsis Category: MX Layer 2 Forwarding Module
1451959 Junos OS: MX Series: Crafted packets traversing a Broadband Network Gateway (BNG) configured with IPv6 NDP proxy could lead to Denial of Service (CVE-2020-1633)
Due to a new NDP proxy feature for EVPN leaf nodes introduced in Junos OS 17.4, crafted NDPv6 packets could transit a Junos device configured as a Broadband Network Gateway (BNG) and reach the EVPN leaf node, causing a stale MAC address entry. This could cause legitimate traffic to be discarded, leading to a Denial of Service (DoS) condition. Refer to for more information.
PR Number Synopsis Category: Express PFE FW Features
1372944 Junos OS: PTX1000 and PTX10000 Series, QFX10000 Series using non-AFT architectures: A specific genuine packet inspected by sFlow will cause a reboot. (CVE-2020-1617)
An improper initialization of memory in the packet forwarding architecture in Juniper Networks Junos OS non-AFI/AFT platforms which may lead to a Denial of Service (DoS) vulnerability being exploited when a genuine packet is received and inspected by non-AFT/AFI sFlow and when the device is also configured with firewall policers. Refer to for more information.
PR Number Synopsis Category: Firewall Authentication
1475435 SRX Series: Unified Access Control (UAC) bypass vulnerability (CVE-2020-1637)
A vulnerability in Juniper Networks SRX Series device configured as a Junos OS Enforcer device may allow a user to access network resources that are not permitted by a UAC policy; Refer to for more information.
PR Number Synopsis Category: Flow Module
1465944 Junos OS: High-End SRX Series: Multicast traffic might cause all FPCs to reset. (CVE-2020-1634)
On High-End SRX Series devices, in specific configurations and when specific networking events or operator actions occur, an SPC receiving genuine multicast traffic may core. Refer to for more information.
Modification History:
2020-06-15 First publication
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search