Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

19.1R1-S6: Software Release Notification for JUNOS Software Version 19.1R1-S6

0

0

Article ID: TSB17926 TECHNICAL_BULLETINS Last Updated: 16 Apr 2021Version: 2.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, vMX, vSRX
Alert Description:
Junos Software Service Release version 19.1R1-S6 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 19.1R1-S6 is now available.

19.1R1-S6 - List of Fixed issues
PR Number Synopsis Category: EX2300/3400 PFE
1491905 Junos OS: EX2300 Series: High CPU load due to receipt of specific multicast packets on layer 2 interface (CVE-2020-1668)
Product-Group=junos
On Juniper Networks EX2300 Series, receipt of a stream of specific multicast packets by the layer2 interface can cause high CPU load, which could lead to traffic interruption. Refer to https://kb.juniper.net/JSA11065 for more information.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1495890 EX4300-MP/EX4600/QFX5K Series: High CPU load due to receipt of specific layer 2 frames in EVPN-VXLAN deployment. (CVE-2020-1687) & High CPU load due to receipt of specific layer 2 frames when deployed in a Virtual Chassis configuration (CVE-2020-1689)
Product-Group=junos
JSA11084 Junos OS: EX4300-MP/EX4600/QFX5K Series: High CPU load due to receipt of specific layer 2 frames in EVPN-VXLAN deployment. (CVE-2020-1687): On Juniper Networks EX4300-MP Series, EX4600 Series and QFX5K Series deployed in (Ethernet VPN) EVPN-(Virtual Extensible LAN) VXLAN configuration, receipt of a stream of specific VXLAN encapsulated layer 2 frames can cause high CPU load, which could lead to network protocol operation issue and traffic interruption. Refer to https://kb.juniper.net/JSA11084 for more information. JSA11086 Junos OS: EX4300-MP/EX4600/QFX5K Series: High CPU load due to receipt of specific layer 2 frames when deployed in a Virtual Chassis configuration (CVE-2020-1689) On Juniper Networks EX4300-MP Series, EX4600 Series and QFX5K Series deployed in a Virtual Chassis configuration, receipt of a stream of specific layer 2 frames can cause high CPU load, which could lead to traffic interruption. This issue does not occur when the device is deployed in Stand Alone configuration. Refer to https://kb.juniper.net/JSA11086 for more information.
PR Number Synopsis Category: Device Configuration Daemon
1519334 Buffer overflow vulnerability in a device control daemon is observed.
Product-Group=junos
A stack buffer overflow vulnerability in the device control daemon (DCD) on Juniper Networks Junos OS allows a low privilege local user to create a Denial of Service (DoS) against the daemon or execute arbitrary code in the system with root privilege. Please refer to https://kb.juniper.net/JSA11061 for more information.
PR Number Synopsis Category: Covers Application classification workflows apart from custo
1473151 Junos OS: SRX Series: High CPU load due to processing for HTTP traffic when Application Identification is enabled.
Product-Group=junos
On Juniper Networks SRX Series configured with application identification inspection enabled, receipt of specific HTTP traffic can cause high CPU load utilization, which could lead to traffic interruption. Refer to https://kb.juniper.net/JSA11081 for more information.
PR Number Synopsis Category: Express PFE Services including JTI, TOE, HostPath, Jflow
1495788 Junos OS: PTX/QFX Series: Kernel Routing Table (KRT) queue stuck after J-Flow sampling a malformed packet (CVE-2020-1679)
Product-Group=junos
On Juniper Networks PTX/QFX Series devices, J-Flow sampling of a malformed packet can cause the Kernel Routing Table (KRT) queue to become stuck. KRT is the module within the Routing Process Daemon (RPD) that synchronized the routing tables with the forwarding tables in the kernel. This table is then synchronized to the Packet Forwarding Engine (PFE) via the KRT queue. Thus, when KRT queue become stuck, it can lead to unexpected packet forwarding issues. Refer to https://kb.juniper.net/JSA11076 for more information.
PR Number Synopsis Category: jdhcpd daemon
1511782 Receipt of the malformed DHCPv6 packets causes the jdhcpd process to crash.
Product-Group=junos
On Juniper Networks Junos OS platforms configured as DHCPv6 local server or DHCPv6 Relay Agent, Juniper Networks Dynamic Host Configuration Protocol Daemon (JDHCPD) process might crash with a core dump if a malformed DHCPv6 packet is received, resulting with the restart of the daemon. Refer to https://kb.juniper.net/JSA11068 for more information.
1512765 The jdhcpd process crashes when a specific DHCPDv6 packet is processed in the DHCPv6 relay configuration.
Product-Group=junos
On Juniper Networks Junos OS devices configured with DHCPv6 relay enabled, receipt of a specific DHCPv6 packet might crash the jdhcpd daemon. Refer to https://kb.juniper.net/JSA11069 for more information.
PR Number Synopsis Category: Application aware Quality-of-Service
1486905 Junos OS: SRX1500, vSRX, SRX4K, NFX150: Denial of service vulnerability executing local CLI command (CVE-2020-1682)
Product-Group=junos
An input validation vulnerability exists in Juniper Networks Junos OS, allowing an attacker to crash the srxpfe process, causing a Denial of Service (DoS) through the use of specific maintenance commands. Refer to https://kb.juniper.net/JSA11079 for more information.
PR Number Synopsis Category: Port-based link layer security services and protocols that a
1503010 Junos OS and Junos OS Evolved: MACsec delay protection fails to drop/discard delayed MACsec packets (CVE-2020-1674)
Product-Group=junos
Juniper Networks Junos OS and Junos OS Evolved fail to drop/discard delayed MACsec packets (e.g. delayed by more than 2 seconds); Refer to https://kb.juniper.net/JSA11071 for more information.
PR Number Synopsis Category: "ifstate" infrastructure
1439906 FPC might reboot if jlock hog occurs on all Junos VM based platforms.
Product-Group=junos
On a JUNOS VM using TSC clocking from the host system, "jlock hog" messages may be seen. This may lead to FPCs reboot.
PR Number Synopsis Category: JUNOS Network App Infrastructure (for ping, traceroute, etc)
1502386 Junos OS: Arbitrary code execution vulnerability in Telnet server (CVE-2020-10188)
Product-Group=junos
A vulnerability in the telnetd Telnet server allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions. Refer to https://kb.juniper.net/JSA11057 for more information.
PR Number Synopsis Category: RPD Next-hop issues including indirect, CNH, and MCNH
1424819 The rpd keeps crashing after changing configuration.
Product-Group=junos
In the ECMP (Equal-Cost Multipath) environment with existing more than 8 multipath for a given route, changing configuration (e.g. delete routing protocol IGP or LSP) is trying to delete a software structure which was already corrupted sometime earlier due to memory corruption, and this may cause the rpd to keep crashing. This issue applies to all types of nexthops with multipath.
 

19.1R1-S6 - List of Known issues (removed due to data inaccuracy)
Modification History:
Updated 2021-04-16 - removing "Known Issues" due to data inaccuracy
First publication date 2020-12-03
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search