19.1R2-S2: Software Release Notification for JUNOS Software Version 19.1R2-S2

Article ID: TSB17901 TECHNICAL_BULLETINS Last Updated: 18 Dec 2020 Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX (Except ACX5448), EX, MX, PTX, QFX, NFX, SRX, VRR, vMX, vSRX
Alert Description:
Junos Software Service Release version 19.1R2-S2 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as needed and follow the prompts
Solution:
NOTE: Due to a critical issue with ACX5448 software, no software image is posted for the ACX5448.
 

Junos Software Service Release version 19.1R2-S2 is now available.

19.1R2-S2 - List of Fixed issues
PR Number Synopsis Category: EX4300 PFE
1495129 On the EX4300 device, high CPU load due to receipt of specific IPv4 packets is observed.
Product-Group=junos
On Juniper Networks EX4300 Series, receipt of a stream of specific IPv4 packets can cause Routing Engine (RE) high CPU load, which could lead to network protocol operation issues and traffic interruption. These specific packets can originate only from within the broadcast domain where the device is connected. Please refer to https://kb.juniper.net/JSA11067 for more information.
PR Number Synopsis Category: EX2300/3400 PFE
1491905 On the EX2300 device, high CPU load due to the receipt of specific multicast packets on Layer 2 interface is observed.
Product-Group=junos
On Juniper Networks EX2300 Series, receipt of a stream of specific multicast packets by the layer2 interface can cause high CPU load, which could lead to traffic interruption. Refer to https://kb.juniper.net/JSA11065 for more information.
1525373 Drops and dropped packets counters in the output value of the show interface extensive command are counted twice.
Product-Group=junos
The "show interface ..." command shows wrong values for the "Drops" and "Drop Packet" counters. The actual value is half of the displayed values.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1495890 On the EX4300-MP and EX4600 devices, high CPU load due to receipt of specific Layer 2 frames in EVPN-VXLAN deployment.
Product-Group=junos
JSA11084 Junos OS: EX4300-MP/EX4600/QFX5K Series: High CPU load due to receipt of specific layer 2 frames in EVPN-VXLAN deployment (CVE-2020-1687): On Juniper Networks EX4300-MP Series, EX4600 Series and QFX5K Series deployed in (Ethernet VPN) EVPN-(Virtual Extensible LAN) VXLAN configuration, receipt of a stream of specific VXLAN encapsulated layer 2 frames can cause high CPU load, which could lead to network protocol operation issue and traffic interruption. Refer to https://kb.juniper.net/JSA11084 for more information.
JSA11086 Junos OS: EX4300-MP/EX4600/QFX5K Series: High CPU load due to receipt of specific layer 2 frames when deployed in a Virtual Chassis configuration (CVE-2020-1689): On Juniper Networks EX4300-MP Series, EX4600 Series and QFX5K Series deployed in a Virtual Chassis configuration, receipt of a stream of specific layer 2 frames can cause high CPU load, which could lead to traffic interruption. This issue does not occur when the device is deployed in Stand Alone configuration. Refer to https://kb.juniper.net/JSA11086 for more information.
PR Number Synopsis Category: JUNOS kernel/ukernel changes for ACX
1509402 PFE crash might be seen and the FPC may remain down on ACX710 platform
Product-Group=junos
On the ACX710 platform, after the PTP (Precision Time Protocol) configuration is removed and the router is rebooted, the PFE might crash and the FPC remains down if PTP traffic is still coming into the router. This issue might also happen when SyncE is configured. This causes the router to crash and not come up.
PR Number Synopsis Category: ACX GE, 10GE, PoE, IDT framers
1430009 The gigether-options command is enabled again under the interface hierarchy.
Product-Group=junos
Both gigether-options and ether-options are supported on ACX5k. PR 1430009 was initially opened to remove gigether-options; that change has now been reverted. The revert is tracked in the same PR 1430009. The latest fix of PR 1430009 has added back gigether-options.
PR Number Synopsis Category: common or misc area for SRX product
1490181 The SRX1500 device and the SRX4000 line of devices might boot up with the rescue configuration after a power outage.
Product-Group=junos
After a power outage occurs, SRX1500 and SRX4K devices might load rescue configuration in order to boot up successfully.
PR Number Synopsis Category: Border Gateway Protocol
1437837 The rpd might crash in case multipath is enabled, as BGP multipath teardown is called for secondary route even though secondary routes are considered for multipath.
Product-Group=junos
This issue applies to Junos platforms with BGP multipath configured under a routing-instance and a RIB group deployed to leak routes from that routing-instance to another routing table. "rpd" may restart unexpectedly when performing multipath calculation operations for the secondary routes (such as removing the rib-groups or bouncing the BGP neighbor under the routing-instance). The secondary routes refer to the second RIB in a RIB (Routing Information Base) group.
1466709 BGP peers might flap if the parameter of hold-time is set small.
Product-Group=junos
On all Junos platforms with BGP enabled, the hold timer is still running while the session is processing BGP updates to peers, but the keepalive messages which the BGP peer sends might be skipped. If the BGP updates being handled cannot be completed within the hold timer (e.g., the hold-time is manually set to 3s), BGP peer flaps might be observed.
1490079 Junos OS and Junos OS Evolved: RPD crash due to BGP session flapping. (CVE-2020-1662)
Product-Group=junos
On Juniper Networks Junos OS and Junos OS Evolved devices, BGP session flapping can lead to a routing process daemon (RPD) crash and restart, limiting the attack surface to configured BGP peers. Refer to https://kb.juniper.net/JSA11059 for more information.
1497721 Receipt of certain genuine BGP packets from any BGP Speaker causes RPD to crash.
Product-Group=junos
An improper use of a validation framework when processing incoming genuine BGP packets within Juniper Networks RPD (routing protocols process) daemon allows an attacker to crash RPD thereby causing a Denial of Service (DoS) condition. Refer to https://kb.juniper.net/JSA11024 for more information.
PR Number Synopsis Category: MPC5/6E pfe microcode software
1459698 After the DRD auto recovery, the traffic blackholing upon interface flaps.
Product-Group=junos
An interface stops forwarding traffic when MX software triggers a "DRD reorder timeout recovery" event followed by an interface flap on the same XMCHIP. When the logic is triggered, you will see a "cmtfpc_xmchip_drd_reorder_id_timeout_callback" message in the PFE syslog messages. This issue affects XM based MPCs (3E 4E 5E 6E 2E-NG 3E-NG).
PR Number Synopsis Category: OpenSSH and related subsystems
1454177 SSH login might fail if a user account exists in both local database and RADIUS/TACACS+.
Product-Group=junos
SSH login from an automation tool to the Junos OS device might not be successful if the username is configured both as a local user and on remote RADIUS/TACACS server, and using authentication method 'password'.
PR Number Synopsis Category: Device Configuration Daemon
1519334 Buffer overflow vulnerability in device control daemon (CVE-2020-1664).
Product-Group=junos
A stack buffer overflow vulnerability in the device control daemon (DCD) on Juniper Networks Junos OS allows a low privilege local user to create a Denial of Service (DoS) against the daemon or execute arbitrary code in the system with root privilege. Please refer to https://kb.juniper.net/JSA11061 for more information.
PR Number Synopsis Category: Firewall Filter
1473093 Traffic might not be forwarded into the right queue but the default queue when VPLS traffic has three or more VLAN tags with VLAN priority 5.
Product-Group=junos
On the MX Series routers with MPC line card (except DPC line card) used, if an input firewall filter is configured at the ingress VPLS interface, the packet with a VLAN priority of 5 with three or more VLAN tags might be forwarded into the wrong queue. When this occurs, it might cause traffic loss due to congestion as all traffic is forwarded into the default queue.
PR Number Synopsis Category: Covers Application classification workflows apart from custo
1473151 Junos OS: SRX Series: High CPU load due to processing for HTTP traffic when Application Identification is enabled.
Product-Group=junos
On Juniper Networks SRX Series configured with application identification inspection enabled, receipt of specific HTTP traffic can cause high CPU load utilization, which could lead to traffic interruption. Refer to https://kb.juniper.net/JSA11081 for more information.
PR Number Synopsis Category: Express PFE Services including JTI, TOE, HostPath, Jflow
1495788 Junos OS: PTX/QFX Series: Kernel Routing Table (KRT) queue stuck after J-Flow sampling a malformed packet (CVE-2020-1679)
Product-Group=junos
On Juniper Networks PTX/QFX Series devices, J-Flow sampling of a malformed packet can cause the Kernel Routing Table (KRT) queue to become stuck. KRT is the module within the Routing Process Daemon (RPD) that synchronizes the routing tables with the forwarding tables in the kernel. This table is then synchronized to the Packet Forwarding Engine (PFE) via the KRT queue. Thus, when the KRT queue becomes stuck, it can lead to unexpected packet forwarding issues. Refer to https://kb.juniper.net/JSA11076 for more information.
PR Number Synopsis Category: Optical Transport Interface
1467712 MIC Error code: 0x1b0002 alarm might not be cleared for MIC on MPC5E when the voltage has returned to normal.
Product-Group=junos
The voltage high alarm might not be cleared when voltage level comes back to normal for MIC on MPC5.
PR Number Synopsis Category: Integrated Routing & Bridging (IRB) module
1436924 IRB over VTEP unicast traffic might get dropped on MX Series platforms.
Product-Group=junos
On EX9200/MX platforms running as Provider Edge (PE) nodes in an Ethernet Virtual Private Network (EVPN) and Virtual Extensible LAN (VXLAN) scenario, if the enhanced-ip mode is enabled for chassis configuration, and the EVPN routing instance is configured with an Integrated Routing and Bridging (IRB) interface, the unicast traffic which is sent through IRB over Virtual Tunnel End Point (VTEP) might get dropped since it cannot be routed towards the core network due to this issue. [TSB17770]
PR Number Synopsis Category: jdhcpd daemon
1511782 Receipt of malformed DHCPv6 packets causes jdhcpd to crash (CVE-2020-1671).
Product-Group=junos
On Juniper Networks Junos OS platforms configured as DHCPv6 local server or DHCPv6 Relay Agent, the Juniper Networks Dynamic Host Configuration Protocol Daemon (JDHCPD) process might crash with a core dump if a malformed DHCPv6 packet is received, resulting in the restart of the daemon. Refer to https://kb.juniper.net/JSA11068 for more information.
1512765 The jdhcpd process crashes when processing a specific DHCPv6 packet in DHCPv6 relay configuration (CVE-2020-1672).
Product-Group=junos
On Juniper Networks Junos OS devices configured with DHCPv6 relay enabled, receipt of a specific DHCPv6 packet might crash the jdhcpd daemon. Refer to https://kb.juniper.net/JSA11069 for more information.
PR Number Synopsis Category: Application aware Quality-of-Service
1486905 Junos OS: SRX1500, vSRX, SRX4K, NFX150: Denial of service vulnerability executing local CLI command (CVE-2020-1682)
Product-Group=junos
An input validation vulnerability exists in Juniper Networks Junos OS, allowing an attacker to crash the srxpfe process, causing a Denial of Service (DoS) through the use of specific maintenance commands. Refer to https://kb.juniper.net/JSA11079 for more information.
PR Number Synopsis Category: Security platform jweb support
1493385 Junos OS: Reflected Cross-site Scripting vulnerability in J-Web and web based (HTTP/HTTPS) services (CVE-2020-1673)
Product-Group=junos
Insufficient Cross-Site Scripting (XSS) protection in Juniper Networks J-Web and web based (HTTP/HTTPS) services allows an unauthenticated attacker to hijack the target user's HTTP/HTTPS session and perform administrative actions on the Junos device as the targeted user. Refer to https://kb.juniper.net/JSA11070 for more information.
1499280 Security vulnerability in J-Web and Web-based (HTTP/HTTPS) services is observed.
Product-Group=junos
Junos OS: Security vulnerability in J-Web and web-based (HTTP/HTTPS) services (CVE-2020-1631). Refer to https://kb.juniper.net/JSA11021 for more information.
PR Number Synopsis Category: Issues related to Jflow Jvision Sensors
1449837 Changing the hostname triggers LSP on-change notification and not the adjacency on-change notification.
Product-Group=junos
Currently IS-IS is sending system host-name instead of system-id in OC paths in lsdb or Adjacency xpaths in periodic streaming and on-change notification.
PR Number Synopsis Category: Layer 2 Control Module
1469635 Memory leak on Layer 2 cpd process causes Layer 2 cpd to crash.
Product-Group=junos
On all Junos platforms with the l2cpd (Layer-2 control protocols) daemon, committing configuration changes which are processed by l2cpd (e.g., flexible-vlan-tagging, stacked-vlan-tagging, vlan-tagging, family ethernet-switching) might cause a marginal memory leak. Committing the l2cpd processed configuration changes in a successive manner might cause memory resource exhaustion (some operations have the same effect as the committing action, e.g., bouncing a vlan-tagged interface in a successive way). Eventually, it could result in the l2cpd process crash.
PR Number Synopsis Category: Label Distribution Protocol
1471191 The rpd process might crash during shutdown.
Product-Group=junos
The rpd shutdown process, such as clean up of scale configuration and rolling it back with LDP configured, might cause rpd to crash. The rpd shutdown rarely happens during normal operation. It is widely used for testing purposes. The rpd crash may result in traffic loss.
PR Number Synopsis Category: Port-based link layer security services and protocols that a
1503010 MACsec delay protection fails to drop/discard delayed MACsec packets (CVE-2020-1674).
Product-Group=junos
Juniper Networks Junos OS and Junos OS Evolved fail to drop/discard delayed MACsec packets (e.g. delayed by more than 2 seconds). Refer to https://kb.juniper.net/JSA11071 for more information.
PR Number Synopsis Category: Multicast for L3VPNs
1469028 The rpd might crash when "link-protection" is added/deleted from LSP for MVPN ingress replication selective provider tunnel.
Product-Group=junos
In an MVPN scenario with ingress replication selective provider tunnel being used, if the link-protection statement is added or deleted from the LSP for MVPN, an rpd crash might be seen. The reason is that when link-protection is deleted, the ingress tunnel is not deleted, and when link-protection is added back, it tries to add the same tunnel. As a result, rpd asserts because the same tunnel exists, and rpd generates core files.
PR Number Synopsis Category: Jflow and sflow on MX
1487876 Incorrect frame length of 132 bytes might be captured in the packet header.
Product-Group=junos
On all MX/PTX5k/EX platforms with Trio based line cards, if a packet is sent with more than 128 bytes it will always show an incorrect "Frame length" of 132 bytes in the raw packet header of sflow collector captured data.
PR Number Synopsis Category: DNS filtering on MX.
1474056 Junos OS: MX Series: Services card might restart when DNS filtering is enabled (CVE-2020-1645)
Product-Group=junos
When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process, responsible for managing "URL Filtering service", may crash, causing the Services PIC to restart. Refer to https://kb.juniper.net/JSA11028 for more information.
PR Number Synopsis Category: Fabric Manager for MX
1461356 Traffic might be impacted due to fabric hardening being stuck.
Product-Group=junos
Fabric hardening (FH) is the process of controlling bandwidth degradation to prevent traffic null route. While FH is processing, if an SFB/SCB failure occurs, the FH process gets stuck, which results in traffic loss.
PR Number Synopsis Category: Track veHostd, vmm-sdk issues on Mt Rainier RE
1448413 The vehostd application fails to generate a minor alarm.
Product-Group=junosvae
On the Junos platforms with NG-RE installed, the process vehostd may crash without coredump and automatic restart of vehostd may fail. The vehostd is a daemon for managing the lifecycle of system-critical Junos VMs in the system. If the process vehostd gets in crash state, it will impact the management of Junos VMs.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1485747 Junos OS: FreeBSD-SA-20:03.thrmisc: kernel stack data disclosure (CVE-2019-15875)
Product-Group=junos
The Juniper Networks Junos OS kernel can create a core dump file when a process crashes that contains process state, for debugging. Due to incorrect initialization of a stack data structure, up to 20 bytes of kernel data previously stored on the stack will be exposed to a crashing user process, potentially disclosing sensitive kernel data. Please refer to https://kb.juniper.net/JSA11046 for more information.
1495307 The ps crash might be seen after executing 'request system snapshot recovery routing-engine both' command
Product-Group=junos
Multiple ps (process status) utility crashes might be observed after executing the 'request system snapshot recovery routing-engine both' command on platforms running 17.4 or higher releases.
1505864 The installation fails when upgrading from legacy Junos OS to specific BSDx-based Junos OS.
Product-Group=junos
The installation might fail when upgrading from legacy Junos (before Junos 15.1) to higher BSDx based Junos releases (Junos 15.1 and after).
1518898 The kernel might crash if a file/directory is accessed for the first time and is not created locally.
Product-Group=junos
On Junos with Virtual Filesystem (VirtFS), if a file/directory is accessed for the first time and is not created locally, the kernel might crash and generate a vmcore file. Junos might reboot due to this issue.
1537696 Errors might be seen when dumping vmcore on EX2300/EX3400 series
Product-Group=junos
On EX2300/EX3400, the vmcore might not be available and the device might hang while trying to generate core files via the rescue kernel. This might be caused by the ARM dumper device supporting only a fixed 512 byte block size, rather than scaling to any block size. This might cause loss of debug ability for the device.
PR Number Synopsis Category: "ifstate" infrastructure
1439906 On all Junos OS VM based platforms, FPC might reboot if jlock hog occurs.
Product-Group=junos
On a JUNOS VM using TSC clocking from the host system, "jlock hog" messages may be seen. This may lead to FPCs reboot.
PR Number Synopsis Category: JUNOS Network App Infrastructure (for ping, traceroute, etc)
1502386 Arbitrary code execution vulnerability in telnet server (CVE-2020-10188).
Product-Group=junos
A vulnerability in the telnetd Telnet server allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions. Refer to https://kb.juniper.net/JSA11057 for more information.
PR Number Synopsis Category: Kernel Stats Infrastructure
1482379 Junos OS: Memory leak leads to kernel crash (vmcore) due to SNMP polling (CVE-2020-1683)
Product-Group=junos
On Juniper Networks Junos OS devices, a specific SNMP OID poll causes a memory leak which over time leads to a kernel crash (vmcore). Refer to https://kb.juniper.net/JSA11080 for more information.
PR Number Synopsis Category: vMX Data Plane Issues
1544856 The riot forwarding daemon crash might be observed on vMX based platforms configured with IRB interface
Product-Group=junos
On vMX based platforms enabled with IRB interface, the riot forwarding daemon crash might be observed which could lead to traffic loss.
PR Number Synopsis Category: Protocol Independent Multicast
1501722 The rpd process might crash in a multicast scenario with BGP configured.
Product-Group=junos
In a multicast scenario with BGP configured, bringing up a new BGP link (such as after updating specific BGP policies) changes the RPF neighbor information, and this update causes an rpd core. The issue is seen only while updating RPF neighbor information and not while building it for the first time.
PR Number Synopsis Category: vMX Platform Infrastructure related issue tracking
1491662 VFP VM becomes unresponsive following reboot of vMX
Product-Group=junos
When XL710/X710 network interface cards (NICs) are used with vMX in performance mode, the NIC driver is loaded to figure out NIC speed-related information on every restart or reboot of vMX. If the virtual forwarding plane (VFP) VM is continuously restarted, the NIC driver might be loaded repeatedly, which might cause memory corruption and lead the VFP VM to become unstable. After that, traffic loss might happen on the VFP VM.
PR Number Synopsis Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous)
1504856 The DMA failure errors might be seen when the cache is full or flushes
Product-Group=junosvae
If the cache flushes or is full on a QFX5K TVP platform virtual chassis, DMA failure errors might be seen. This might cause the device not to accept ssh credentials and the VC to go into the hang state.
PR Number Synopsis Category: KRT Queue issues within RPD
1438597 RPD might generate a core file during router boot up due to file pointer issue because there are two code paths that can close the file.
Product-Group=junos
The rpd might crash during router boot up due to file pointer issue as there are two code paths that can close the file. We are attempting to close the file without validating the file pointer.
1463302 MVPN traffic might be dropped after performing switchover.
Product-Group=junos
When multicast virtual private network (MVPN) and nonstop active routing (NSR+GRES) are configured, doing several consecutive switchovers after routing-instance (RI) removal/add might cause the kernel routing table (KRT) to get stuck. MVPN routes could not be successfully installed into the MVPN routing instance, causing service disruption.
PR Number Synopsis Category: show route table commands, tracing, and syslog facilities
1421076 The rpd process might crash when the prefix list address is changed from IPv4 to IPv6.
Product-Group=junos
RPD crash might occur when changing a prefix-list address from IPv4 to IPv6 with "replace-pattern"
PR Number Synopsis Category: Resource Reservation Protocol
1359087 The FPC might be stuck in the Ready state after making a change in the configuration that removes RSVP and triggers FPC restart.
Product-Group=junos
When 'tunnel-services' is configured under 'chassis fpc <> pic <>', the vt-x/y/z physical interface (IFD) is created for the corresponding FPC. If 'protocols rsvp' is configured, RSVP will create a default vt-x/y/z.u logical interface (IFL) under the corresponding vt-x/y/z IFD. After applying a configuration change that will remove RSVP and trigger FPC restart, the vt-x/y/z.u IFL is not cleaned up due to a code issue. Hence the corresponding vt-x/y/z IFD cannot be cleaned up while the corresponding FPC is coming up. The IFD cleaning keeps retrying, which causes the corresponding FPC to be stuck in the 'Ready' state.
PR Number Synopsis Category: RPD API infrastructure
1481953 The rpd process might crash when executing show route protocol l2-learned-host-routing or show route protocol rift CLI command on a router.
Product-Group=junos
On all Junos platforms, executing the CLI command of "show route protocol l2-learned-host-routing" or "show route protocol rift" on a router may cause the rpd crash if there is an active route in bgp.rtarget.0 routing table.
PR Number Synopsis Category: MPC7/8/9 Interface Issues
1441816 Egress stream flush failure and traffic null route might occur.
Product-Group=junos
Egress stream flush failure and silent dropping of traffic could occur in a rare occasion for a repeatedly flapping link on MPC7E, MPC8E, MPC9E cards, MX204 and MX10003.
1513321 The wavelength configured using CLI might not be set on SFP+-10G-T-DWDM-ZR optics when the optics is used on MPC7E line card.
Product-Group=junos
The code change in PR 1410877 (which is fixed in 19.1R1 19.2R1) broke the wavelength configuration for tunable optics on MPC7E line card. After configuring 'interfaces <> optics-options wavelength' for interfaces using SFP+-10G-T-DWDM-ZR optics on MPC7E line card, the wavelength configured might not take effect on these interfaces.
PR Number Synopsis Category: MX10003/MX204 Linux issues (including driver issues)
1492121 MX10003 RCB always detects fire temp and shuts down in a short time after downgrade.
Product-Group=junosvae
On the MX10003 platform, if we upgrade or downgrade Junos software from a set of original releases to a set of target releases, the system might detect incorrect temperature values and shut down. The set of the original releases are: Junos 18.2R3, 18.3R3, 18.4R2, 19.1R2, 19.2R1, 19.3R1. The set of the target releases are: Junos pre-18.2R3, pre-18.3R3, pre-18.4R2, pre-19.1R2, pre-19.2R1, and pre-19.3R1 releases.
PR Number Synopsis Category: MX10003/MX204 MPC defects tracking
1474231 MX10000 QSA adapter lane 0 port goes in the down state when disabling one of the other lanes.
Product-Group=junos
When QSA adapter is installed, the Lane 0 port might be also in down state when disabling one of the other lanes (1, 2 or 3) due to the chan number not entertained. It is not expected behaviour and it might affect service.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1502867 Traffic originated from another subnet is sent out with 0x8100 instead of 0x88a8.
Product-Group=junos
On the MX platforms with MPC7/8/9 installed, when an interface is configured with vlan-tags outer tpid (tag protocol ID) 0x88a8 on these line cards, traffic originated from another subnet will be sent out with 0x8100. It will cause traffic to get dropped at the remote site.
PR Number Synopsis Category: Trio pfe mpls- lsps,rsvp,vpns- ccc, tcc software
1452866 The traffic might silently get dropped and discarded after the LACP timeout.
Product-Group=junos
In a Link Aggregation Control Protocol (LACP) with Unilist next-hop scenario, when Resource Reservation Protocol (RSVP) protection or BGP Prefix-Independent Convergence (PIC) is used, traffic might be blackholed if the LACP interface flaps fast enough. A delay causes the first "link down message" to arrive at the Packet Forwarding Engine (PFE) after the "link up message" has already been received, so the PFE marks both the primary and backup next-hops as unusable. (This is a timing issue.)
PR Number Synopsis Category: Issues related to all UI tools (mgd-bsd/cli-bsd, XML and DMI
1480208 Multiple SQLite vulnerabilities are resolved.
Product-Group=junos
In Junos OS, the majority of attack vectors in this announcement require multiple chaining attack events to be successful against services which do not directly call SQLite. For the attacker to be able to access and successfully execute commands on the device, only one attack vector is known to exist. Please refer to https://kb.juniper.net/JSA11055 for more information.
PR Number Synopsis Category: MX10K platform
1481054 100G interface may randomly fail to come up after maintenance operations
Product-Group=junos
On MX10008/MX10016 platforms with QSFP-100GBASE-LR4 optics, these 100GE interfaces may randomly fail to come up after maintenance operations (such as power cycle, software upgrade, or reboot of RE/FPC, etc) due to QSFP hardware initialization failure.
 

19.1R2-S2 - List of Known issues
PR Number Synopsis Category: NFX Series Platform Software
1462556 Junos OS: NFX350: Password hashes stored in world-readable format (CVE-2020-1669)
Product-Group=junos
The Juniper Device Manager (JDM) container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores password hashes in the world-readable file /etc/passwd. This is not a security best current practice as it can allow an attacker with access to the local filesystem the ability to brute-force decrypt password hashes stored on the system. Refer to https://kb.juniper.net/JSA11066 for more information.
PR Number Synopsis Category: Manageability for Node Virtualization
1527322 Dvaita JDM: Commit Error Messages are coming twice while validating physical-cores knob
Product-Group=junosvae
Commit error messages get printed twice while validating physical-cores knob for GNFs.
PR Number Synopsis Category: jdhcpd daemon
1430874 Junos OS: jdhcpd process crash when forwarding a malformed DHCP packet. (CVE-2020-1661)
Product-Group=junos
On Juniper Networks Junos OS devices configured as a DHCP forwarder, the Juniper Networks Dynamic Host Configuration Protocol Daemon (jdhcp) process might crash when receiving a malformed DHCP packet. Refer to https://kb.juniper.net/JSA11056 for more information.
PR Number Synopsis Category: Firewall Policy
1471621 The count option in the security policy does not take effect even if the policy count is enabled.
Product-Group=junos
On SRX Series devices that have a security policy counter deployed, the count option in the security policy might not work. As a result, issuing show security policies <> detail might not print traffic statistics for the security policy.
PR Number Synopsis Category: IPSEC/IKE VPN
1517262 The flowd might crash in IPsec VPN scenario
Product-Group=junos
On SRX platforms with IPsec VPN configured, the flowd might crash during the IPsec VPN rekey window. The traffic/service might be impacted if hitting this issue.
PR Number Synopsis Category: Path computation client daemon
1472051 PCC tries to send a report to PCE but the connection between PCC and PCE is not in the up state especially in the case of MBB in PCE provisioned or controlled LSP.
Product-Group=junos
The pccd core and PCEP (Path Computation Element Protocol) session flaps might be seen when PCC (Path Computation Client) tries to send a report to PCE but the connection between PCC and PCE is not in UP state. It might also cause rpd core. This issue might happen in MBB (Make-before-break) cases in PCE provisioned/controlled LSP or doing ISSU upgrade operation.
PR Number Synopsis Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP)
1466567 Junos OS: MX Series: Services card might restart due to a race condition when DNS filtering is enabled. (CVE-2020-1667)
Product-Group=junos
When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process might be bypassed due to a race condition. Due to this vulnerability, mspmand process, responsible for managing "URL Filtering service", can crash, causing the Services PIC to restart. While the Services PIC is restarting, all PIC services including DNS filtering service (DNS sink holing) will be bypassed until the Services PIC completes its boot process. Refer to https://kb.juniper.net/JSA11064 for more information.
1469188 Junos OS: MX Series: Receipt of specific packets can cause services card to restart when DNS filtering is configured. (CVE-2020-1660)
Product-Group=junos
When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process, responsible for managing "URL Filtering service", may crash, causing the Services PIC to restart. While the Services PIC is restarting, all PIC services including DNS filtering service (DNS sink holing) will be bypassed until the Services PIC completes its boot process. This vulnerability might allow an attacker to cause an extended Denial of Service (DoS) attack against the device and to cause clients to be vulnerable to DNS based attacks by malicious DNS servers when they send DNS requests through the device. As a result, devices which were once protected by the DNS Filtering service are no longer protected and at risk of exploitation. Refer to https://kb.juniper.net/JSA11054 for more information.
 
Modification History:
First publication 2020-12-18