ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, vMX, vSRX

Junos Software Service Release version 19.1R1-S6 is now available for download from the Junos software download site
Download Junos Software Service Release:

1. Go to Junos Platforms - Download Software page
2. Input your product in the "Find a Product" search box
3. From the Type/OS drop-down menu, select Junos SR
4. From the Version drop-down menu, select your version
5. Click the Software tab
6. Select the Install Package as need and follow the prompts

Junos Software service Release version 19.1R1-S6 is now available.

19.1R1-S6 - List of Fixed issues

PR Number	Synopsis	Category: EX2300/3400 PFE
1491905	Junos OS: EX2300 Series: High CPU load due to receipt of specific multicast packets on layer 2 interface (CVE-2020-1668) Product-Group=junos	On Juniper Networks EX2300 Series, receipt of a stream of specific multicast packets by the layer2 interface can cause high CPU load, which could lead to traffic interruption. Refer to https://kb.juniper.net/JSA11065 for more information.
PR Number	Synopsis	Category: QFX L3 data-plane/forwarding
1495890	EX4300-MP/EX4600/QFX5K Series: High CPU load due to receipt of specific layer 2 frames in EVPN-VXLAN deployment. (CVE-2020-1687) & High CPU load due to receipt of specific layer 2 frames when deployed in a Virtual Chassis configuration (CVE-2020-1689) Product-Group=junos	JSA11084 Junos OS: EX4300-MP/EX4600/QFX5K Series: High CPU load due to receipt of specific layer 2 frames in EVPN-VXLAN deployment. (CVE-2020-1687): On Juniper Networks EX4300-MP Series, EX4600 Series and QFX5K Series deployed in (Ethernet VPN) EVPN-(Virtual Extensible LAN) VXLAN configuration, receipt of a stream of specific VXLAN encapsulated layer 2 frames can cause high CPU load, which could lead to network protocol operation issue and traffic interruption. Refer to https://kb.juniper.net/JSA11084 for more information. JSA11086 Junos OS: EX4300-MP/EX4600/QFX5K Series: High CPU load due to receipt of specific layer 2 frames when deployed in a Virtual Chassis configuration (CVE-2020-1689) On Juniper Networks EX4300-MP Series, EX4600 Series and QFX5K Series deployed in a Virtual Chassis configuration, receipt of a stream of specific layer 2 frames can cause high CPU load, which could lead to traffic interruption. This issue does not occur when the device is deployed in Stand Alone configuration. Refer to https://kb.juniper.net/JSA11086 for more information.
PR Number	Synopsis	Category: Device Configuration Daemon
1519334	Buffer overflow vulnerability in a device control daemon is observed. Product-Group=junos	A stack buffer overflow vulnerability in the device control daemon (DCD) on Juniper Networks Junos OS allows a low privilege local user to create a Denial of Service (DoS) against the daemon or execute arbitrary code in the system with root privilege. Please refer to https://kb.juniper.net/JSA11061 for more information.
PR Number	Synopsis	Category: Covers Application classification workflows apart from custo
1473151	Junos OS: SRX Series: High CPU load due to processing for HTTP traffic when Application Identification is enabled. Product-Group=junos	On Juniper Networks SRX Series configured with application identification inspection enabled, receipt of specific HTTP traffic can cause high CPU load utilization, which could lead to traffic interruption. Refer to https://kb.juniper.net/JSA11081 for more information.
PR Number	Synopsis	Category: Express PFE Services including JTI, TOE, HostPath, Jflow
1495788	Junos OS: PTX/QFX Series: Kernel Routing Table (KRT) queue stuck after J-Flow sampling a malformed packet (CVE-2020-1679) Product-Group=junos	On Juniper Networks PTX/QFX Series devices, J-Flow sampling of a malformed packet can cause the Kernel Routing Table (KRT) queue to become stuck. KRT is the module within the Routing Process Daemon (RPD) that synchronized the routing tables with the forwarding tables in the kernel. This table is then synchronized to the Packet Forwarding Engine (PFE) via the KRT queue. Thus, when KRT queue become stuck, it can lead to unexpected packet forwarding issues. Refer to https://kb.juniper.net/JSA11076 for more information.
PR Number	Synopsis	Category: jdhcpd daemon
1511782	Receipt of the malformed DHCPv6 packets causes the jdhcpd process to crash. Product-Group=junos	On Juniper Networks Junos OS platforms configured as DHCPv6 local server or DHCPv6 Relay Agent, Juniper Networks Dynamic Host Configuration Protocol Daemon (JDHCPD) process might crash with a core dump if a malformed DHCPv6 packet is received, resulting with the restart of the daemon. Refer to https://kb.juniper.net/JSA11068 for more information.
1512765	The jdhcpd process crashes when a specific DHCPDv6 packet is processed in the DHCPv6 relay configuration. Product-Group=junos	On Juniper Networks Junos OS devices configured with DHCPv6 relay enabled, receipt of a specific DHCPv6 packet might crash the jdhcpd daemon. Refer to https://kb.juniper.net/JSA11069 for more information.
PR Number	Synopsis	Category: Application aware Quality-of-Service
1486905	Junos OS: SRX1500, vSRX, SRX4K, NFX150: Denial of service vulnerability executing local CLI command (CVE-2020-1682) Product-Group=junos	An input validation vulnerability exists in Juniper Networks Junos OS, allowing an attacker to crash the srxpfe process, causing a Denial of Service (DoS) through the use of specific maintenance commands. Refer to https://kb.juniper.net/JSA11079 for more information.
PR Number	Synopsis	Category: Port-based link layer security services and protocols that a
1503010	Junos OS and Junos OS Evolved: MACsec delay protection fails to drop/discard delayed MACsec packets (CVE-2020-1674) Product-Group=junos	Juniper Networks Junos OS and Junos OS Evolved fail to drop/discard delayed MACsec packets (e.g. delayed by more than 2 seconds); Refer to https://kb.juniper.net/JSA11071 for more information.
PR Number	Synopsis	Category: "ifstate" infrastructure
1439906	FPC might reboot if jlock hog occurs on all Junos VM based platforms. Product-Group=junos	On a JUNOS VM using TSC clocking from the host system, "jlock hog" messages may be seen. This may lead to FPCs reboot.
PR Number	Synopsis	Category: JUNOS Network App Infrastructure (for ping, traceroute, etc)
1502386	Junos OS: Arbitrary code execution vulnerability in Telnet server (CVE-2020-10188) Product-Group=junos	A vulnerability in the telnetd Telnet server allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions. Refer to https://kb.juniper.net/JSA11057 for more information.
PR Number	Synopsis	Category: RPD Next-hop issues including indirect, CNH, and MCNH
1424819	The rpd keeps crashing after changing configuration. Product-Group=junos	In the ECMP (Equal-Cost Multipath) environment with existing more than 8 multipath for a given route, changing configuration (e.g. delete routing protocol IGP or LSP) is trying to delete a software structure which was already corrupted sometime earlier due to memory corruption, and this may cause the rpd to keep crashing. This issue applies to all types of nexthops with multipath.

 

---

19.1R1-S6 - List of Known issues

PR Number	Synopsis	Category: NFX Series Platform Software
1462556	Junos OS: NFX350: Password hashes stored in world-readable format (CVE-2020-1669) Product-Group=junos	The Juniper Device Manager (JDM) container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores password hashes in the world-readable file /etc/passwd. This is not a security best current practice as it can allow an attacker with access to the local filesystem the ability to brute-force decrypt password hashes stored on the system. Refer to https://kb.juniper.net/JSA11066 for more information.
PR Number	Synopsis	Category: Border Gateway Protocol
1497721	Receipt of certain genuine BGP packets from any BGP speaker causes the rpd process to crash. Product-Group=junos	An improper use of a validation framework when processing incoming genuine BGP packets within Juniper Networks RPD (routing protocols process) daemon allows an attacker to crash RPD thereby causing a Denial of Service (DoS) condition. Refer to https://kb.juniper.net/JSA11024 for more information.
PR Number	Synopsis	Category: User Firewall related issues
1415987	The command show security firewall-authentication jims statistics shows output statistics of both primary JIMS server and secondary JIMS server. Product-Group=junos	From 15.1X49-D170 and later, command "show security firewall-authentication jims statistics" will output statistics of both primary jims server and secondary jims server like root@a02-41> show security firewall-authentication jims statistics Primary server: Push success counter: 1 Push failure counter: 0 Secondary server: Push success counter: 1 Push failure counter: 0 root@a02-41>
PR Number	Synopsis	Category: VMX wrlinux changes
1452915	The VMX might drop packets that are needed for fragmentation Product-Group=junos	On the VMX platform, if the traffic mixes packets that need to be fragmented and does not need to be fragmented, the packet needed for fragmentation is 100% dropped.
PR Number	Synopsis	Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP)
1441517	Junos OS: MX Series: MS-MPC/MIC might crash when processing malformed IPv6 packet in NAT64 configuration. (CVE-2020-1680) Product-Group=junos	On Juniper Networks MX Series with MS-MIC or MS-MPC card configured with NAT64 configuration, receipt of a malformed IPv6 packet may crash the MS-PIC component on MS-MIC or MS-MPC. This issue occurs when a multiservice card is translating the malformed IPv6 packet to IPv4 packet. Refer to https://kb.juniper.net/JSA11077 for more information.

First publication date 2020-12-03