19.1R2-S2: Software Release Notification for JUNOS Software Version 19.1R2-S2
Junos Software service Release version 19.1R2-S2 is now available.
19.1R2-S2 - List of Fixed issues

PR Number | Synopsis | Category: EX4300 PFE |
---|---|---|
1495129 | On the EX4300 device, high CPU load due to receipt of specific IPv4 packets is observed. Product-Group=junos |
On Juniper Networks EX4300 Series, receipt of a stream of specific IPv4 packets can cause Routing Engine (RE) high CPU load, which could lead to network protocol operation issues and traffic interruption. These specific packets can originate only from within the broadcast domain where the device is connected. Please refer to https://kb.juniper.net/JSA11067 for more information. |
PR Number | Synopsis | Category: EX2300/3400 PFE |
1491905 | On the EX2300 device, high CPU load due to the receipt of specific multicast packets on Layer 2 interface is observed. Product-Group=junos |
On Juniper Networks EX2300 Series, receipt of a stream of specific multicast packets by the Layer 2 interface can cause high CPU load, which could lead to traffic interruption. Refer to https://kb.juniper.net/JSA11065 for more information. |
1525373 | Drops and dropped packets counters in the output value of the show interface extensive command are counted twice. Product-Group=junos |
The "show interface ..." command shows wrong values for the "Drops" and "Drop Packet" counters. The actual values are half of the displayed values. |
PR Number | Synopsis | Category: QFX L3 data-plane/forwarding |
1495890 | On the EX4300-MP and EX4600 devices, high CPU load due to receipt of specific Layer 2 frames in EVPN-VXLAN deployment. Product-Group=junos |
JSA11084 Junos OS: EX4300-MP/EX4600/QFX5K Series: High CPU load due to receipt of specific layer 2 frames in EVPN-VXLAN deployment (CVE-2020-1687): On Juniper Networks EX4300-MP Series, EX4600 Series and QFX5K Series deployed in an Ethernet VPN (EVPN)-Virtual Extensible LAN (VXLAN) configuration, receipt of a stream of specific VXLAN encapsulated layer 2 frames can cause high CPU load, which could lead to network protocol operation issues and traffic interruption. Refer to https://kb.juniper.net/JSA11084 for more information. JSA11086 Junos OS: EX4300-MP/EX4600/QFX5K Series: High CPU load due to receipt of specific layer 2 frames when deployed in a Virtual Chassis configuration (CVE-2020-1689): On Juniper Networks EX4300-MP Series, EX4600 Series and QFX5K Series deployed in a Virtual Chassis configuration, receipt of a stream of specific layer 2 frames can cause high CPU load, which could lead to traffic interruption. This issue does not occur when the device is deployed in a standalone configuration. Refer to https://kb.juniper.net/JSA11086 for more information. |
PR Number | Synopsis | Category: JUNOS kernel/ukernel changes for ACX |
1509402 | PFE crash might be seen and the FPC may remain down on ACX710 platform Product-Group=junos |
On the ACX710 platform, after the PTP (Precision Time Protocol) configuration is removed and the router is rebooted, the PFE might crash and the FPC remains down if PTP traffic is still coming into the router. This issue might also happen when SyncE is configured. This causes the router to crash and not come up. |
PR Number | Synopsis | Category: ACX GE, 10GE, PoE, IDT framers |
1430009 | The gigether-options command is enabled again under the interface hierarchy. Product-Group=junos |
Both gigether-options and ether-options are supported on ACX5k. PR 1430009 was initially opened to remove gigether-options; that change has now been reverted. The revert is tracked in the same PR 1430009, and the latest fix for PR 1430009 adds gigether-options back. |
PR Number | Synopsis | Category: common or misc area for SRX product |
1490181 | The SRX1500 device and the SRX4000 line of devices might boot up with the rescue configuration after a power outage. Product-Group=junos |
After a power outage occurs, SRX1500 and SRX4K devices might load rescue configuration in order to boot up successfully. |
PR Number | Synopsis | Category: Border Gateway Protocol |
1437837 | The rpd might crash in case multipath is enabled, as BGP multipath teardown is called for secondary route even though secondary routes are considered for multipath. Product-Group=junos |
This issue applies to Junos platforms with BGP multipath configured under a routing-instance and a RIB group deployed to leak routes from that routing-instance to another routing table. "rpd" may restart unexpectedly when performing multipath calculation operations for the secondary routes (such as removing the rib-groups or bouncing a BGP neighbor under the routing-instance). The secondary routes refer to the second RIB in a RIB (Routing Information Base) group. |
1466709 | BGP peers might flap if the parameter of hold-time is set small. Product-Group=junos |
On all Junos platforms with BGP enabled, the hold timer is still running while the session is processing BGP updates to peers, but the keepalive messages which the BGP peer sends might be skipped. If the BGP updates being handled cannot be completed within the hold timer (e.g., the hold-time is manually set to 3s), BGP peer flaps might be observed. |
1490079 | Junos OS and Junos OS Evolved: RPD crash due to BGP session flapping. (CVE-2020-1662) Product-Group=junos |
On Juniper Networks Junos OS and Junos OS Evolved devices, BGP session flapping can lead to a routing process daemon (RPD) crash and restart, limiting the attack surface to configured BGP peers. Refer to https://kb.juniper.net/JSA11059 for more information. |
1497721 | Receipt of certain genuine BGP packets from any BGP Speaker causes RPD to crash. Product-Group=junos |
An improper use of a validation framework when processing incoming genuine BGP packets within Juniper Networks RPD (routing protocols process) daemon allows an attacker to crash RPD thereby causing a Denial of Service (DoS) condition. Refer to https://kb.juniper.net/JSA11024 for more information. |
PR Number | Synopsis | Category: MPC5/6E pfe microcode software |
1459698 | After the DRD auto recovery, the traffic blackholing upon interface flaps. Product-Group=junos |
An interface stops forwarding traffic when MX software triggers a "DRD reorder timeout recovery" event followed by an interface flap on the same XMCHIP. When the logic is triggered, you will see a "cmtfpc_xmchip_drd_reorder_id_timeout_callback" message in the PFE syslog messages. This issue affects XM based MPCs (3E 4E 5E 6E 2E-NG 3E-NG). |
PR Number | Synopsis | Category: OpenSSH and related subsystems |
1454177 | SSH login might fail if a user account exists in both local database and RADIUS/TACACS+. Product-Group=junos |
SSH login from an automation tool to the Junos OS device might not be successful if the username is configured both as a local user and on remote RADIUS/TACACS server, and using authentication method 'password'. |
PR Number | Synopsis | Category: Device Configuration Daemon |
1519334 | Buffer overflow vulnerability in device control daemon (CVE-2020-1664). Product-Group=junos |
A stack buffer overflow vulnerability in the device control daemon (DCD) on Juniper Networks Junos OS allows a low privilege local user to create a Denial of Service (DoS) against the daemon or execute arbitrary code in the system with root privilege. Please refer to https://kb.juniper.net/JSA11061 for more information. |
PR Number | Synopsis | Category: Firewall Filter |
1473093 | Traffic might not be forwarded into the right queue but the default queue when VPLS traffic has three or more VLAN tags with VLAN priority 5. Product-Group=junos |
On the MX Series routers with MPC line card (except DPC line card) used, if an input firewall filter is configured at the ingress VPLS interface, the packet with a VLAN priority of 5 with three or more VLAN tags might be forwarded into the wrong queue. When this occurs, it might cause traffic loss due to congestion as all traffic is forwarded into the default queue. |
PR Number | Synopsis | Category: Covers Application classification workflows apart from custo |
1473151 | Junos OS: SRX Series: High CPU load due to processing for HTTP traffic when Application Identification is enabled. Product-Group=junos |
On Juniper Networks SRX Series configured with application identification inspection enabled, receipt of specific HTTP traffic can cause high CPU load utilization, which could lead to traffic interruption. Refer to https://kb.juniper.net/JSA11081 for more information. |
PR Number | Synopsis | Category: Express PFE Services including JTI, TOE, HostPath, Jflow |
1495788 | Junos OS: PTX/QFX Series: Kernel Routing Table (KRT) queue stuck after J-Flow sampling a malformed packet (CVE-2020-1679) Product-Group=junos |
On Juniper Networks PTX/QFX Series devices, J-Flow sampling of a malformed packet can cause the Kernel Routing Table (KRT) queue to become stuck. KRT is the module within the Routing Process Daemon (RPD) that synchronizes the routing tables with the forwarding tables in the kernel. This table is then synchronized to the Packet Forwarding Engine (PFE) via the KRT queue. Thus, when the KRT queue becomes stuck, it can lead to unexpected packet forwarding issues. Refer to https://kb.juniper.net/JSA11076 for more information. |
PR Number | Synopsis | Category: Optical Transport Interface |
1467712 | MIC Error code: 0x1b0002 alarm might not be cleared for MIC on MPC5E when the voltage has returned to normal. Product-Group=junos |
The voltage high alarm might not be cleared when voltage level comes back to normal for MIC on MPC5. |
PR Number | Synopsis | Category: Integrated Routing & Bridging (IRB) module |
1436924 | IRB over VTEP unicast traffic might get dropped on MX Series platforms. Product-Group=junos |
On EX9200/MX platforms running as Provider Edge (PE) nodes in an Ethernet Virtual Private Network (EVPN) and Virtual Extensible LAN (VXLAN) scenario, if the enhanced-ip mode is enabled for chassis configuration, and the EVPN routing instance is configured with an Integrated Routing and Bridging (IRB) interface, the unicast traffic which is sent through IRB over Virtual Tunnel End Point (VTEP) might get dropped since it couldn't get routed towards the core network due to this issue. [TSB17770] |
PR Number | Synopsis | Category: jdhcpd daemon |
1511782 | Receipt of malformed DHCPv6 packets causes jdhcpd to crash (CVE-2020-1671). Product-Group=junos |
On Juniper Networks Junos OS platforms configured as DHCPv6 local server or DHCPv6 Relay Agent, the Juniper Networks Dynamic Host Configuration Protocol Daemon (JDHCPD) process might crash with a core dump if a malformed DHCPv6 packet is received, resulting in a restart of the daemon. Refer to https://kb.juniper.net/JSA11068 for more information. |
1512765 | The jdhcpd process crashes when processing a specific DHCPv6 packet in DHCPv6 relay configuration (CVE-2020-1672). Product-Group=junos |
On Juniper Networks Junos OS devices configured with DHCPv6 relay enabled, receipt of a specific DHCPv6 packet might crash the jdhcpd daemon. Refer to https://kb.juniper.net/JSA11069 for more information. |
PR Number | Synopsis | Category: Application aware Quality-of-Service |
1486905 | Junos OS: SRX1500, vSRX, SRX4K, NFX150: Denial of service vulnerability executing local CLI command (CVE-2020-1682) Product-Group=junos |
An input validation vulnerability exists in Juniper Networks Junos OS, allowing an attacker to crash the srxpfe process, causing a Denial of Service (DoS) through the use of specific maintenance commands. Refer to https://kb.juniper.net/JSA11079 for more information. |
PR Number | Synopsis | Category: Security platform jweb support |
1493385 | Junos OS: Reflected Cross-site Scripting vulnerability in J-Web and web based (HTTP/HTTPS) services (CVE-2020-1673) Product-Group=junos |
Insufficient Cross-Site Scripting (XSS) protection in Juniper Networks J-Web and web based (HTTP/HTTPS) services allows an unauthenticated attacker to hijack the target user's HTTP/HTTPS session and perform administrative actions on the Junos device as the targeted user. Refer to https://kb.juniper.net/JSA11070 for more information. |
1499280 | Security vulnerability in J-Web and Web-based (HTTP/HTTPS) services is observed. Product-Group=junos |
Junos OS: Security vulnerability in J-Web and web-based (HTTP/HTTPS) services (CVE-2020-1631). Refer to https://kb.juniper.net/JSA11021 for more information. |
PR Number | Synopsis | Category: Issues related to Jflow Jvision Sensors |
1449837 | Changing the hostname triggers LSP on-change notification and not the adjacency on-change notification. Product-Group=junos |
Currently IS-IS is sending system host-name instead of system-id in OC paths in lsdb or Adjacency xpaths in periodic streaming and on-change notification. |
PR Number | Synopsis | Category: Layer 2 Control Module |
1469635 | Memory leak on Layer 2 cpd process causes Layer 2 cpd to crash. Product-Group=junos |
On all Junos platforms with the l2cpd (Layer-2 control protocols) daemon, committing configuration changes which are processed by l2cpd (e.g., flexible-vlan-tagging, stacked-vlan-tagging, vlan-tagging, family ethernet-switching) might cause a marginal memory leak. Committing l2cpd-processed configuration changes in succession might cause memory resource exhaustion (some operations have the same effect as the commit action, e.g., repeatedly bouncing a vlan-tagged interface). Eventually, it could result in an l2cpd process crash. |
PR Number | Synopsis | Category: Label Distribution Protocol |
1471191 | The rpd process might crash during shutdown. Product-Group=junos |
The rpd shutdown process, such as cleaning up a scale configuration and rolling it back with LDP configured, might cause rpd to crash. The rpd shutdown rarely happens during normal operation. It is widely used for testing purposes. The rpd crash may result in traffic loss. |
PR Number | Synopsis | Category: Port-based link layer security services and protocols that a |
1503010 | MACsec delay protection fails to drop/discard delayed MACsec packets (CVE-2020-1674). Product-Group=junos |
Juniper Networks Junos OS and Junos OS Evolved fail to drop/discard delayed MACsec packets (e.g. delayed by more than 2 seconds). Refer to https://kb.juniper.net/JSA11071 for more information. |
PR Number | Synopsis | Category: Multicast for L3VPNs |
1469028 | The rpd might crash when "link-protection" is added/deleted from LSP for MVPN ingress replication selective provider tunnel. Product-Group=junos |
In an MVPN scenario with an ingress replication selective provider tunnel being used, if the link-protection statement is added or deleted from the LSP for MVPN, an rpd crash might be seen. The reason is that when link-protection is deleted, the ingress tunnel is not deleted, and when link-protection is added back, it tries to add the same tunnel. As a result, rpd asserts because the same tunnel exists, and rpd generates core files. |
PR Number | Synopsis | Category: Jflow and sflow on MX |
1487876 | Incorrect frame length of 132 bytes might be captured in the packet header. Product-Group=junos |
On all MX/PTX5k/EX platforms with Trio based line cards, if a packet is sent with more than 128 bytes it will always show an incorrect "Frame length" of 132 bytes in the raw packet header of sflow collector captured data. |
PR Number | Synopsis | Category: DNS filtering on MX. |
1474056 | Junos OS: MX Series: Services card might restart when DNS filtering is enabled (CVE-2020-1645) Product-Group=junos |
When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process, responsible for managing "URL Filtering service", may crash, causing the Services PIC to restart. Refer to https://kb.juniper.net/JSA11028 for more information. |
PR Number | Synopsis | Category: Fabric Manager for MX |
1461356 | Traffic might be impacted due to fabric hardening being stuck. Product-Group=junos |
Fabric hardening (FH) is the process of controlling bandwidth degradation to prevent a traffic black hole. While FH is in progress, if the SFB/SCB fails, the FH process becomes stuck, which causes traffic loss. |
PR Number | Synopsis | Category: Track veHostd, vmm-sdk issues on Mt Rainier RE |
1448413 | The vehostd application fails to generate a minor alarm. Product-Group=junosvae |
On the Junos platforms with NG-RE installed, the process vehostd may crash without coredump and automatic restart of vehostd may fail. The vehostd is a daemon for managing the lifecycle of system-critical Junos VMs in the system. If the process vehostd gets in crash state, it will impact the management of Junos VMs. |
PR Number | Synopsis | Category: FreeBSD Kernel Infrastructure |
1485747 | Junos OS: FreeBSD-SA-20:03.thrmisc: kernel stack data disclosure (CVE-2019-15875) Product-Group=junos |
The Juniper Networks Junos OS kernel can create a core dump file when a process crashes that contains process state, for debugging. Due to incorrect initialization of a stack data structure, up to 20 bytes of kernel data previously stored on the stack will be exposed to a crashing user process, potentially disclosing sensitive kernel data. Please refer to https://kb.juniper.net/JSA11046 for more information. |
1495307 | The ps crash might be seen after executing 'request system snapshot recovery routing-engine both' command Product-Group=junos |
Multiple ps (process status) utility crash might be observed after executing 'request system snapshot recovery routing-engine both' command on platforms running 17.4 or higher releases. |
1505864 | The installation fails when upgrading from legacy Junos OS to specific BSDx-based Junos OS. Product-Group=junos |
The installation might fail when upgrading from legacy Junos (before Junos 15.1) to higher BSDx based Junos releases (Junos 15.1 and after). |
1518898 | The kernel might crash if a file/directory is accessed for the first time and is not created locally. Product-Group=junos |
On the Junos with Virtual Filesystem (VirtFS), if a file/directory is accessed for the first time and is not created locally, the kernel might crash and generate a vmcore file. Junos might reboot due to this issue. |
1537696 | Errors might be seen when dumping vmcore on EX2300/EX3400 series Product-Group=junos |
On EX2300/EX3400, the vmcore might not be available and the device might hang while trying to generate core files via the rescue kernel. This might be caused by the ARM dumper device supporting only a fixed 512 byte block size, rather than scaling to any block size. This might cause loss of debug ability for the device. |
PR Number | Synopsis | Category: "ifstate" infrastructure |
1439906 | On all Junos OS VM based platforms, FPC might reboot if jlock hog occurs. Product-Group=junos |
On a JUNOS VM using TSC clocking from the host system, "jlock hog" messages may be seen. This may lead to FPC reboots. |
PR Number | Synopsis | Category: JUNOS Network App Infrastructure (for ping, traceroute, etc) |
1502386 | Arbitrary code execution vulnerability in telnet server (CVE-2020-10188). Product-Group=junos |
A vulnerability in the telnetd Telnet server allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions. Refer to https://kb.juniper.net/JSA11057 for more information. |
PR Number | Synopsis | Category: Kernel Stats Infrastructure |
1482379 | Junos OS: Memory leak leads to kernel crash (vmcore) due to SNMP polling (CVE-2020-1683) Product-Group=junos |
On Juniper Networks Junos OS devices, a specific SNMP OID poll causes a memory leak which over time leads to a kernel crash (vmcore). Refer to https://kb.juniper.net/JSA11080 for more information. |
PR Number | Synopsis | Category: vMX Data Plane Issues |
1544856 | The riot forwarding daemon crash might be observed on vMX based platforms configured with IRB interface Product-Group=junos |
On vMX based platforms enabled with IRB interface, the riot forwarding daemon crash might be observed which could lead to traffic loss. |
PR Number | Synopsis | Category: Protocol Independent Multicast |
1501722 | The rpd process might crash in a multicast scenario with BGP configured. Product-Group=junos |
In a multicast scenario with BGP configured, when a new BGP link is brought up (such as after updating specific BGP policies), the RPF neighbor information changes and this update causes an rpd core. The issue is seen only while updating RPF neighbor information and not while building it for the first time. |
PR Number | Synopsis | Category: vMX Platform Infrastructure related issue tracking |
1491662 | VFP VM becomes unresponsive following reboot of vMX Product-Group=junos |
When XL710/X710 network interface cards (NICs) are used with vMX in performance mode, the NIC driver is loaded to determine NIC speed-related information on every restart or reboot of vMX. If the virtual forwarding plane (VFP) VM is continuously restarted, the NIC driver might be loaded repeatedly, which might cause memory corruption and lead the VFP VM to become unstable. After that, traffic loss might happen on the VFP VM. |
PR Number | Synopsis | Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous) |
1504856 | The DMA failure errors might be seen when the cache is full or flushes Product-Group=junosvae |
If the cache is flushed or is full on a QFX5K TVP platform Virtual Chassis, DMA failure errors might be seen. This might cause the device not to accept SSH credentials and the VC to go into the hang state. |
PR Number | Synopsis | Category: KRT Queue issues within RPD |
1438597 | RPD might generate a core file during router boot up due to file pointer issue because there are two code paths that can close the file. Product-Group=junos |
The rpd might crash during router boot up due to file pointer issue as there are two code paths that can close the file. We are attempting to close the file without validating the file pointer. |
1463302 | MVPN traffic might be dropped after performing switchover. Product-Group=junos |
When multicast virtual private network (MVPN) and nonstop active routing (NSR+GRES) are configured, doing several consecutive switchovers after routing-instance (RI) removal/add might cause the kernel routing table (KRT) to get stuck. MVPN routes could not be successfully installed into the MVPN routing instance, causing service disruption. |
PR Number | Synopsis | Category: show route table commands, tracing, and syslog facilities |
1421076 | The rpd process might crash when the prefix list address is changed from IPv4 to IPv6. Product-Group=junos |
RPD crash might occur when changing a prefix-list address from IPv4 to IPv6 with "replace-pattern" |
PR Number | Synopsis | Category: Resource Reservation Protocol |
1359087 | The FPC might be stuck in the Ready state after making a change in the configuration that removes RSVP and triggers FPC restart. Product-Group=junos |
When 'tunnel-services' is configured under 'chassis fpc <> pic <>', the vt-x/y/z physical interface (IFD) is created for the corresponding FPC. If 'protocols rsvp' is configured, RSVP will create a default vt-x/y/z.u logical interface (IFL) under the corresponding vt-x/y/z IFD. After applying a configuration change that removes RSVP and triggers an FPC restart, the vt-x/y/z.u IFL is not cleaned up due to a code issue. Hence the corresponding vt-x/y/z IFD cannot be cleaned up while the corresponding FPC comes up. The IFD cleanup keeps retrying, which causes the corresponding FPC to be stuck in the 'Ready' state. |
PR Number | Synopsis | Category: RPD API infrastructure |
1481953 | The rpd process might crash when executing show route protocol l2-learned-host-routing or show route protocol rift CLI command on a router. Product-Group=junos |
On all Junos platforms, executing the CLI command of "show route protocol l2-learned-host-routing" or "show route protocol rift" on a router may cause the rpd crash if there is an active route in bgp.rtarget.0 routing table. |
PR Number | Synopsis | Category: MPC7/8/9 Interface Issues |
1441816 | Egress stream flush failure and traffic black hole might occur. Product-Group=junos |
Egress stream flush failure and silent dropping of traffic could occur in a rare occasion for a repeatedly flapping link on MPC7E, MPC8E, MPC9E cards, MX204 and MX10003. |
1513321 | The wavelength configured using CLI might not be set on SFP+-10G-T-DWDM-ZR optics when the optics is used on MPC7E line card. Product-Group=junos |
The code change in PR 1410877 (which is fixed in 19.1R1 19.2R1) broke the wavelength configuration for tunable optics on MPC7E line card. After configuring 'interfaces <> optics-options wavelength' for interfaces using SFP+-10G-T-DWDM-ZR optics on MPC7E line card, the wavelength configured might not take effect on these interfaces. |
PR Number | Synopsis | Category: MX10003/MX204 Linux issues (including driver issues) |
1492121 | MX10003 RCB always detect fire temp and shutdown in short time after downgrade. Product-Group=junosvae |
On the MX10003 platform, if we upgrade or downgrade Junos software from a set of original releases to a set of target releases, the system might detect incorrect temperature values and shutdown. The set of the original releases are: Junos 18.2R3, 18.3R3, 18.4R2, 19.1R2, 19.2R1, 19.3R1. The set of the target releases are: Junos pre-18.2R3, pre-18.3R3, pre-18.4R2, pre-19.1R2, pre-19.2R1, and pre-19.3R1 releases |
PR Number | Synopsis | Category: MX10003/MX204 MPC defects tracking |
1474231 | MX10000 QSA adapter lane 0 port goes in the down state when disabling one of the other lanes. Product-Group=junos |
When QSA adapter is installed, the Lane 0 port might be also in down state when disabling one of the other lanes (1, 2 or 3) due to the chan number not entertained. It is not expected behaviour and it might affect service. |
PR Number | Synopsis | Category: Trio pfe bridging, learning, stp, oam, irb software |
1502867 | Traffic originated from another subnet is sent out with 0x8100 instead of 0x88a8. Product-Group=junos |
On the MX platforms with MPC7/8/9 installed, when an interface configured with vlan-tags outer tpid (tag protocol ID) 0x88a8 on these line cards, traffic originated from another subnet will be sent out with 0x8100. It will cause traffic to get dropped at the remote site. |
PR Number | Synopsis | Category: Trio pfe mpls- lsps,rsvp,vpns- ccc, tcc software |
1452866 | The traffic might silently get dropped and discarded after the LACP timeout. Product-Group=junos |
In a Link Aggregation Control Protocol (LACP) with Unilist next-hop scenario, when Resource Reservation Protocol (RSVP) protection or BGP Prefix-Independent Convergence (PIC) is used, a traffic black hole might occur if the LACP interface flaps fast enough. A delay causes the first "link down message" to arrive at the Packet Forwarding Engine (PFE) after the "link up message" has already been received, so the PFE marks both the primary and backup next hops as unusable. (This is a timing issue.) |
PR Number | Synopsis | Category: Issues related to all UI tools (mgd-bsd/cli-bsd, XML and DMI |
1480208 | Multiple SQLite vulnerabilities are resolved. Product-Group=junos |
In Junos OS, the majority of attack vectors in this announcement require multiple chaining attack events to be successful against services which do not directly call SQLite. For the attacker to be able to access and successfully execute commands on the device, only one attack vector is known to exist. Please refer to https://kb.juniper.net/JSA11055 for more information. |
PR Number | Synopsis | Category: MX10K platform |
1481054 | 100G interface may randomly fail to come up after maintenance operations Product-Group=junos |
On MX10008/MX10016 platforms with QSFP-100GBASE-LR4 optics, these 100GE interfaces may randomly fail to come up after maintenance operations (such as power cycle, software upgrade, or reboot of RE/FPC, etc) due to QSFP hardware initialization failure. |
PR Number | Synopsis | Category: NFX Series Platform Software |
1462556 | Junos OS: NFX350: Password hashes stored in world-readable format (CVE-2020-1669) Product-Group=junos |
The Juniper Device Manager (JDM) container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores password hashes in the world-readable file /etc/passwd. This is not a security best current practice as it can allow an attacker with access to the local filesystem the ability to brute-force decrypt password hashes stored on the system. Refer to https://kb.juniper.net/JSA11066 for more information. |
PR Number | Synopsis | Category: Manageability for Node Virtualization |
1527322 | Dvaita JDM: Commit Error Messages are coming twice while validating physical-cores knob Product-Group=junosvae |
Commit error messages get printed twice while validating physical-cores knob for GNFs. |
PR Number | Synopsis | Category: jdhcpd daemon |
1430874 | Junos OS: jdhcpd process crash when forwarding a malformed DHCP packet. (CVE-2020-1661) Product-Group=junos |
On Juniper Networks Junos OS devices configured as a DHCP forwarder, the Juniper Networks Dynamic Host Configuration Protocol Daemon (jdhcp) process might crash when receiving a malformed DHCP packet. Refer to https://kb.juniper.net/JSA11056 for more information. |
PR Number | Synopsis | Category: Firewall Policy |
1471621 | The count option in the security policy does not take effect even if the policy count is enabled. Product-Group=junos |
On SRX Series devices that have a security policy counter deployed, the count option in the security policy might not work. As a result, issuing show security policies <> detail might not print traffic statistics for the security policy. |
PR Number | Synopsis | Category: IPSEC/IKE VPN |
1517262 | The flowd might crash in IPsec VPN scenario Product-Group=junos |
On SRX platforms with IPsec VPN configured, the flowd might crash during the IPsec VPN rekey window. The traffic/service might be impacted if hitting this issue. |
PR Number | Synopsis | Category: Path computation client daemon |
1472051 | PCC tries to send a report to PCE but the connection between PCC and PCE is not in the up state especially in the case of MBB in PCE provisioned or controlled LSP. Product-Group=junos |
The pccd core and PCEP (Path Computation Element Protocol) session flaps might be seen when PCC (Path Computation Client) tries to send a report to PCE but the connection between PCC and PCE is not in UP state. It might also cause rpd core. This issue might happen in MBB (Make-before-break) cases in PCE provisioned/controlled LSP or doing ISSU upgrade operation. |
PR Number | Synopsis | Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP) |
1466567 | Junos OS: MX Series: Services card might restart due to a race condition when DNS filtering is enabled. (CVE-2020-1667) Product-Group=junos |
When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process might be bypassed due to a race condition. Due to this vulnerability, mspmand process, responsible for managing "URL Filtering service", can crash, causing the Services PIC to restart. While the Services PIC is restarting, all PIC services including DNS filtering service (DNS sink holing) will be bypassed until the Services PIC completes its boot process. Refer to https://kb.juniper.net/JSA11064 for more information. |
1469188 | Junos OS: MX Series: Receipt of specific packets can cause services card to restart when DNS filtering is configured. (CVE-2020-1660) Product-Group=junos |
When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process, responsible for managing "URL Filtering service", may crash, causing the Services PIC to restart. While the Services PIC is restarting, all PIC services including DNS filtering service (DNS sink holing) will be bypassed until the Services PIC completes its boot process. This vulnerability might allow an attacker to cause an extended Denial of Service (DoS) attack against the device and to cause clients to be vulnerable to DNS based attacks by malicious DNS servers when they send DNS requests through the device. As a result, devices which were once protected by the DNS Filtering service are no longer protected and at risk of exploitation. Refer to https://kb.juniper.net/JSA11054 for more information. |