Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

15.1R7-S8: Software Release Notification for JUNOS Software Version 15.1R7-S8

0

0

Article ID: TSB17900 TECHNICAL_BULLETINS Last Updated: 02 Nov 2020Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
EX Series
Alert Description:
Junos Software Service Release version 15.1R7-S8 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 15.1R7-S8 is now available.

15.1R7-S8 - List of Fixed issues

PR Number Synopsis Category: Marvell based EX PFE L2
1452738 The l2ald and eventd are hogging 100% after issuing "clear ethernet-switching table" command
Product-Group=junos
The l2ald and eventd processes are hogging 100% after "clear ethernet-switching table" command is issued and also the continuous syslog errors "l2ald[18605]: L2ALD_IPC_MESSAGE_INVALID: Invalid message received (message type 0, subtype 0): null message" are observed.
PR Number Synopsis Category: QFX Access Control related
1515972 "dot1x" memory leak
Product-Group=junos
Memory leak is seen in 'dot1xd' daemon when no 'dot1x' is configured. Memory leak is seen for the allocation while creating socket from 'dot1xd' daemon to 'authd' daemon. If 'authd' is not running , 'dot1xd' daemon tries to connect to 'authd' periodically and every time it was allocating memory for string "/var/run/authd_control" for socket creation. The memory does not free in this scenario and we see memory leak for string "/var/run/authd_control". There will be no service impact to other services/daemons other than dot1x.
PR Number Synopsis Category: EX Chassis chassism/chassisd
1525479 On EX8216, no chassis alarm seen when SIB is in fault state
Product-Group=junos
On EX8216, no chassis alarm seen when SIB is in fault state
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1485743 Junos OS: FreeBSD-SA-20:01.libfetch: libfetch buffer overflow (CVE-2020-7450)
Product-Group=junos
The libfetch(3) is a multi-protocol file transfer library included with Juniper Networks Junos OS and used by various command-line programs. A programming error allows an attacker who can specify a URL with username and/or password components to overflow libfetch(3) buffers. An attacker in control of the URL to be fetched (possibly via HTTP redirect) may cause a heap buffer overflow, resulting in program misbehavior or malicious code execution. Please refer to https://kb.juniper.net/JSA11058 for more information.
1485747 Junos OS: FreeBSD-SA-20:03.thrmisc: kernel stack data disclosure (CVE-2019-15875)
Product-Group=junos
The Juniper Networks Junos OS kernel can create a core dump file when a process crashes that contains process state, for debugging. Due to incorrect initialization of a stack data structure, up to 20 bytes of kernel data previously stored on the stack will be exposed to a crashing user process, potentially disclosing sensitive kernel data. Please refer to https://kb.juniper.net/JSA11046 for more information.
PR Number Synopsis Category: "ifstate" infrastructure
1404507 The VMCore might be seen when there is an interface deletion
Product-Group=junos
In a very rare situation, The VMCore might be seen when there is an interface deletion/addition.
1437762 The CPU utilization on a daemon might be around 100 percent or the backup Routing Engine might crash in race conditions.
Product-Group=junos
The CPU utilization on a daemon might keep around 100% or backup RE might crash in race conditions (it may get hit or triggered at times by some churn in the system, no specific trigger).
 

15.1R7-S8 - List of Known issues

PR Number Synopsis Category: NFX Series Platform Software
1462556 Junos OS: NFX350: Password hashes stored in world-readable format (CVE-2020-1669)
Product-Group=junos
The Juniper Device Manager (JDM) container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores password hashes in the world-readable file /etc/passwd. This is not a security best current practice as it can allow an attacker with access to the local filesystem the ability to brute-force decrypt password hashes stored on the system. Refer to https://kb.juniper.net/JSA11066 for more information.
PR Number Synopsis Category: Border Gateway Protocol
1448425 Junos OS and Junos OS Evolved: RPD crash while processing a specific BGP update information. (CVE-2020-1646)
Product-Group=junos
On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific UPDATE for an EBGP peer can lead to a routing process daemon (RPD) crash and restart. Refer to https://kb.juniper.net/JSA11033 for more information.
PR Number Synopsis Category: PRs related to channelized E1/T1 mic
1402563 FPC might crash after offline/online MIC-3D-16CHE1-T1-CE-H.
Product-Group=junos
On MX and ACX platforms, after offline and then online MIC-3D-16CHE1-T1-CE-H card, the related FPC might crash.
PR Number Synopsis Category: Device Configuration Daemon
1519334 Junos OS: Buffer overflow vulnerability in device control daemon (CVE-2020-1664)
Product-Group=junos
A stack buffer overflow vulnerability in the device control daemon (DCD) on Juniper Networks Junos OS allows a low privilege local user to create a Denial of Service (DoS) against the daemon or execute arbitrary code in the system with root privilege. Please refer to https://kb.juniper.net/JSA11061 for more information.
PR Number Synopsis Category: Port-based link layer security services and protocols that a
1503010 Junos OS and Junos OS Evolved: MACsec delay protection fails to drop/discard delayed MACsec packets (CVE-2020-1674)
Product-Group=junos
Juniper Networks Junos OS and Junos OS Evolved fail to drop/discard delayed MACsec packets (e.g. delayed by more than 2 seconds); Refer to https://kb.juniper.net/JSA11071 for more information.
PR Number Synopsis Category: DNS filtering on MX.
1474056 Junos OS: MX Series: Services card might restart when DNS filtering is enabled (CVE-2020-1645)
Product-Group=junos
When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process, responsible for managing "URL Filtering service", may crash, causing the Services PIC to restart. Refer to https://kb.juniper.net/JSA11028 for more information.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1309483 Junos upgrade from pre-15.1 release to 15.X or later releases may fail due to dirty file systems
Product-Group=junos
Junos upgrade on systems with high uptime (longer than 6 months) from any pre-15.1 release to 15.X or later releases may fail. This can happen due to file systems ending up in a dirty state over time due to un-flushed buffers. A reboot of the system is required prior to upgrade to avoid dirty file system.
PR Number Synopsis Category: DDos Support on MX
1377899 Junos OS: MX series/EX9200 Series: IPv6 DDoS protection does not work as expected. (CVE-2020-1665)
Product-Group=junos
On Juniper Networks MX Series and EX9200 Series, in a certain condition the IPv6 Distributed Denial of Service (DDoS) protection might not take affect when it reaches the threshold condition. Refer to https://kb.juniper.net/JSA11062 for more information.
 
Modification History:
First publication 2020-11-02
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search