19.2R1-S6: Software Release Notification for JUNOS Software Version 19.2R1-S6
Junos Software service Release version 19.2R1-S6 is now available.
19.2R1-S6 - List of Fixed issues

PR Number | Synopsis | Category: EX2300/3400 platform |
---|---|---|
1535106 | EX2300/EX3400: RTC ERROR and SETTIME failed messages are seen Product-Group=junos |
On EX2300 and EX3400 series, you may sometimes observe RTC ERROR and SETTIME failed messages without a trigger. |
PR Number | Synopsis | Category: NFX Layer 3 Features Software |
1437824 | "LIBCOS_COS_TVP_FC_INFO_NOT_FOUND: Forwarding-class information not specified" messages seen while committing configurations Product-Group=junos |
"LIBCOS_COS_TVP_FC_INFO_NOT_FOUND: Forwarding-class information not specified" messages might be seen while committing CoS configurations on PTX/MX/NFX |
PR Number | Synopsis | Category: Accounting Profile |
1509114 | The pfed might crash when running 'show pfe fpc x'. Product-Group=junos |
When the pfed is running on a 64 bit machine, it might crash after issuing the command "show pfe fpc x". |
PR Number | Synopsis | Category: JUNOS kernel/ukernel changes for ACX |
1509402 | On the ACX710 router, the Packet Forwarding Engine might crash and the fpc process might remain down. Product-Group=junos |
On the ACX710 platform, after the PTP (Precision Time Protocol) configuration is removed and the router is rebooted, the PFE might crash and the FPC might remain down if PTP traffic is still coming into the router. This issue might also happen when SyncE is configured. This causes the router to crash and not come up. |
PR Number | Synopsis | Category: Track PRs in BGP Flow Spec area & is part of BGP inside RPD. |
1539109 | Junos OS and Junos OS Evolved: Upon receipt of a specific BGP FlowSpec message network traffic may be disrupted. (CVE-2021-0211) Product-Group=junos |
Upon receipt of a specific BGP FlowSpec message network traffic may be disrupted. Please refer to https://kb.juniper.net/JSA11101 for more information. |
PR Number | Synopsis | Category: MX-ELM l2ng stormcontrol |
1552815 | The knob 'action-shutdown' of storm control does not work for ARP broadcast packets Product-Group=junos |
With knob 'action-shutdown' configured in storm control scenario, the interface will not go to shutdown state if ARP storm exceeds the configured limit. The excess packets will be dropped normally. |
PR Number | Synopsis | Category: Firewall Filter |
1465093 | On MX10008 and MX10016 routers, the bandwidth-limit policer cannot be set higher than 100 gigabits. Product-Group=junos |
On MX10008 and MX10016, "policer bandwidth-limit" cannot be set higher than 100G. |
PR Number | Synopsis | Category: This is for all defects raised against dns-proxy feature |
1512212 | Junos OS: SRX Series: ISC Security Advisory: BIND does not sufficiently limit the number of fetches performed when processing referrals (CVE-2020-8616) Product-Group=junos |
On Juniper Networks Junos OS SRX Series devices an uncontrolled resource consumption vulnerability in BIND may allow an attacker to cause a Denial of Service (DoS) condition. When these devices are configured to use DNS Proxy, these devices do not sufficiently limit the number of fetches performed when processing referrals. In order for a server performing recursion to locate records in the DNS graph it must be capable of processing referrals, such as those received when it attempts to query an authoritative server for a record which is delegated elsewhere. In its original design BIND (as well as other nameservers) does not sufficiently limit the number of fetches which may be performed while processing a referral response. A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. Refer to https://kb.juniper.net/JSA11090 for more information. |
PR Number | Synopsis | Category: Express PFE MPLS Features |
1502385 | The following error message might be observed during MPLS route add, change, or delete operation: mpls_extra NULL. Product-Group=junos |
On ACX, PTX and QFX platforms, after flapping MPLS routes, the error message "mpls_extra NULL" might be seen and the traffic might be impacted. |
PR Number | Synopsis | Category: Express ASIC interface |
1461404 | On the PTX5000 routers, for the FPC3 line card, the optics-options syslog and link-down do not work as expected. Product-Group=junos |
On PTX5k with FPC3-PTX-U3 (FPC), T6E PIC with QSFP optics (15x100GE/15x40GE/60x10GE QSFP28, 96x10/24x40GE QSFP 28, 10x100GE/10x40GE/40x10GE QSFP28 PIC), optics-options syslog and link-down do not work as expected. For example, for a Low Warning Breach event, when the configured action is syslog only, the link goes down, which results in traffic drop. |
PR Number | Synopsis | Category: Integrated Routing & Bridging (IRB) module |
1436924 | IRB over VTEP unicast traffic might get dropped on MX Series platforms. Product-Group=junos |
On EX9200/MX platforms running as Provider Edge (PE) nodes in an Ethernet Virtual Private Network (EVPN) and Virtual Extensible LAN (VXLAN) scenario, if the enhanced-ip mode is enabled for chassis configuration, and the EVPN routing instance is configured with an Integrated Routing and Bridging (IRB) interface, the unicast traffic which is sent through IRB over Virtual Tunnel End Point (VTEP) might get dropped because it cannot be routed towards the core network. [TSB17770] |
PR Number | Synopsis | Category: ISIS routing protocol |
1514867 | The IS-IS SR routes might not be updated to reflect the change in the SRMS advertisements. Product-Group=junos |
On all Junos platforms running the ISIS protocol with Segment Routing and LDP, if both ISIS levels are enabled on all routers and if conflicting ISIS Segment Routing Mapping Server (SRMS) advertisements are present across the ISIS topology, removal of the preferred SRMS advertisement by the originating node might not be reflected in the corresponding ISIS SR routes on the other nodes. The Labeled-ISIS (ISIS-SR) routes might not be updated to reflect the change in SRMS advertisements. This could potentially lead to traffic drops. |
PR Number | Synopsis | Category: PFE infra to support jvision |
1547698 | SENSOR APP DWORD leak is observed during the period of churn for routes bound to the sensor group. Product-Group=junos |
SENSOR APP DWORD leak observed during the period of churn for routes bound to Sensor group. Sensor types that are affected are Segment Routing, Segment Routing-TE, LDP and RSVP LSPs. |
PR Number | Synopsis | Category: Layer 2 Control Module |
1561235 | The l2cpd core might be seen on reboot Product-Group=junos |
When xSTP is used, the l2cpd core might be seen on reboot. This will be a one-time core and will not impact functionality. |
PR Number | Synopsis | Category: Label Distribution Protocol |
1527197 | LDP routes might be deleted from MPLS routing table after RE switchover Product-Group=junos |
On all Junos platforms with NSR and segment routing for ISIS configured, LDP routes might be deleted on new master RE's MPLS routing table after RE switchover. |
PR Number | Synopsis | Category: Issues related to Junos licensing infrastructure |
1519336 | Junos OS: Command injection vulnerability in license-check daemon (CVE-2021-0218) Product-Group=junos |
A command injection vulnerability in the license-check daemon of Juniper Networks Junos OS may allow a locally authenticated attacker with low privileges to execute commands with root privilege. Please refer to https://kb.juniper.net/JSA11108 for more information. |
PR Number | Synopsis | Category: Multiprotocol Label Switching |
1465902 | The device might use the local-computed path for the PCE-controlled LSPs after link/node failure. Product-Group=junos |
In a Path Computation Element Communication Protocol (PCEP) scenario where the link/node protection is enabled, the PCE-controlled LSPs may shift to the local-computed path after link/node failure upon path retry processing. |
1467278 | The rpd might crash in PCEP for the RSVP-TE scenario. Product-Group=junos |
In a PCEP (Path Computation Element Communication Protocol) with RSVP Traffic Engineered LSP (TE LSP) scenario, two LSPs with the same TE LSP name might be shared between the Path Computation Element (PCE) and the Path Computation Client (PCC) in some rare cases. Then, if the configuration of the LSP is delegated from the CLI and externally controlled by the PCC at the same time, the rpd might crash. |
PR Number | Synopsis | Category: Fabric Manager for MX |
1482124 | Fabric healing logic incorrectly makes all MPC line cards go offline in the MX2000 router while the hardware fault is located on one specific MPC line card slot Product-Group=junos |
In specific MPC hardware failure conditions within the MX2K platform, fabric healing will attempt to auto-heal the fault location in 3 phases to prevent traffic blackholing. If under such fault conditions only destination timeouts are reported without corresponding link errors, the fabric healing process might restart all MPCs in phase-2 in an auto-healing attempt and if the error condition appears again within 10 minutes the last phase-3 might offline all MPCs in the system. MX2K platform exposure with SFB2, SFB3. With SFB installed only if 'set chassis fabric disable-grant-bypass' is configured. |
PR Number | Synopsis | Category: IDS features available on MS-MPC/MIC |
1536100 | Junos OS: MX Series: Dynamic filter fails to match IPv6 prefix (CVE-2021-0205) Product-Group=junos |
When the "Intrusion Detection Service" (IDS) feature is configured on Juniper Networks MX series with a dynamic firewall filter using IPv6 source or destination prefix, it may incorrectly match the prefix as /32, causing the filter to block unexpected traffic. Refer to https://kb.juniper.net/JSA11095 for more information. |
PR Number | Synopsis | Category: FreeBSD Kernel Infrastructure |
1500902 | The redundancy gmac drivers might cause the unexpected behaviors in the EX2300, EX2300-MP, EX3400, ACX710 platforms Product-Group=junos |
If some redundancy gmac drivers are used on the FreeBSD system of the EX2300, EX2300-MP, EX3400, ACX710 platforms, some behaviors might not be consistent between the PHY (physical layer) function and the SerDes (Serializer/Deserializer) function. The management connections between the optic interfaces and the ASIC/backplane fabric/PCIe bus might then be unstable, and management traffic might be disrupted (e.g. the management interface might be unavailable). |
1525318 | Junos OS: telnetd.real Local Privilege Escalation vulnerabilities in SUID binaries (CVE-2021-0223) Product-Group=junos |
A local privilege escalation vulnerability in telnetd.real of Juniper Networks Junos OS may allow a locally authenticated shell user to escalate privileges and execute arbitrary commands as root. Please refer to https://kb.juniper.net/JSA11114 for more information. |
1537696 | Errors might be seen when dumping vmcore on EX2300/EX3400 series Product-Group=junos |
On EX2300/EX3400, the vmcore might not be available and the device might hang while trying to generate core files via the rescue kernel. This might be caused by the ARM dumper device supporting only a fixed 512 byte block size, rather than scaling to any block size. This might cause loss of debug ability for the device. |
PR Number | Synopsis | Category: Kernel VPLS infrastructure |
1516514 | Host generated traffic might get lost because the current forwarding member nexthop is down while there is still other member nexthop being up Product-Group=junos |
On Junos devices with "load-balance per-packet" configured, on releases without the PR 1469085 fix, or on releases with the PR 1469085 fix but without the hidden knob "set system kernel-options select-active-unilist-member" configured, host generated traffic may still get forwarded via the current forwarding member nexthop of the unilist nexthop even if that forwarding member nexthop is down, hence there might be traffic loss. PR 1469085 introduced a fix that chooses an active unicast nexthop member of the unilist nexthop when the current forwarding nexthop is down. Currently this logic is controlled by a config knob (system kernel-options select-active-unilist-member) using sysctl "net.sel_actv_ulist_mem". The intent of this PR is to make this behaviour the system default, by detaching the sysctl controlling code from the config knob handler routine. The knob attribute (select-active-unilist-member) is marked deprecated. Further modifications are done to the rnh_is_active() API's logic to always pick a forwardable nexthop. |
PR Number | Synopsis | Category: vMX Data Plane Issues |
1534145 | The riot might crash due to a rare issue if vMX runs in performance mode Product-Group=junos |
If the vMX product is configured to run in performance mode via configuring "chassis fpc 0 performance-mode" (Note: performance mode is enabled by default starting from Junos OS Release 15.1F6), flow cache will be used to improve the traffic forwarding performance. With performance mode enabled, if traffic causes a single flow in the flow cache to have a large number of flow actions which hit the max supported number (i.e. 18) of flow actions (typically, the addition of lots of firewall counters and policers in a single flow can make it add up), the riot might crash. It is a rare issue. |
1544856 | The riot forwarding daemon crash might be observed on vMX based platforms configured with IRB interface Product-Group=junos |
On vMX based platforms enabled with IRB interface, the riot forwarding daemon crash might be observed which could lead to traffic loss. |
PR Number | Synopsis | Category: vMX Platform Infrastructure related issue tracking |
1548422 | Traffic with jumbo frame may be discarded on the vMX platforms Product-Group=junos |
On vMX platforms which are installed on ESXi 6.7 with the vmxnet3 driver, traffic with jumbo frames (packets with MTU more than 1500) may be discarded upon receipt. |
PR Number | Synopsis | Category: Interface related issues. Port up/down, stats, CMLC , serdes |
1512203 | Channelized interfaces might fail to come up. Product-Group=junos |
On QFX5210 platform with knob "auto-speed-detection" enabled (enabled by default), some interfaces might stay in down state due to improper channelization by the device. |
PR Number | Synopsis | Category: QFX L2 PFE |
1514145 | Junos OS: EX Series and QFX Series: Memory leak issue processing specific DHCP packets (CVE-2021-0217) Product-Group=junos |
A vulnerability in processing of certain DHCP packets from adjacent clients on EX Series and QFX Series switches running Juniper Networks Junos OS with DHCP local/relay server configured may lead to exhaustion of DMA memory causing a Denial of Service (DoS). Over time, exploitation of this vulnerability may cause traffic to stop being forwarded, or cause the fxpc process to crash. Please refer to https://kb.juniper.net/JSA11107 for more information. |
PR Number | Synopsis | Category: RPD policy options |
1476530 | Support for dynamic tunnels on SRX Series devices was mistakenly removed. Product-Group=junos |
Support for dynamic-tunnels on SRX-Series devices was mistakenly removed. |
PR Number | Synopsis | Category: Resource Reservation Protocol |
1493718 | JSA11098 Junos OS and Junos OS Evolved: In bidirectional LSP configurations, on MPLS egress router RPD may core upon receipt of specific malformed RSVP packet. (CVE-2021-0208) Product-Group=junos |
An improper input validation vulnerability in the Routing Protocol Daemon (RPD) service of Juniper Networks Junos OS allows an attacker to send a malformed RSVP packet when bidirectional LSPs are in use, which when received by an egress router crashes the RPD causing a Denial of Service (DoS) condition. Please refer to https://kb.juniper.net/JSA11098 for further information. |
PR Number | Synopsis | Category: SW PRs for SCBE3 related kernel drivers |
1564539 | MX platforms with MX-SCBE3 may reboot continuously. Product-Group=junos |
A recent change in the kernel boot loader causes Routing Engine kernel memory corruption on systems with MX-SCBE3, which causes the system to reboot continuously. |
PR Number | Synopsis | Category: platform related PRs on SRX branch platforms |
1512810 | Junos OS: SRX Series: A logic error in BIND can be used to trigger a Denial of Service (DoS) (CVE-2020-8617) Product-Group=junos |
A vulnerability in BIND code, used in Juniper Networks Junos OS on SRX Series devices, which checks the validity of messages containing TSIG resource records can be exploited by an attacker to trigger an assertion failure in tsig.c, resulting in a Denial of Service (DoS). Refer to https://kb.juniper.net/JSA11091 for more information. |
PR Number | Synopsis | Category: MX10002 Platform SW - Platform s/w defects |
1426120 | On MX204 or MX10003, MPC reboot or Routing Engine mastership switchover might occur. Product-Group=junos |
On MX204 and MX10003 platforms, if there is a high rate of fragmented traffic received on the em3 interface, an em3 watchdog timeout might occur. It could cause MPC reboot or RE mastership switchover. |
PR Number | Synopsis | Category: MX10003/MX204 Linux issues (including driver issues) |
1492121 | The MX10003 router might shut itself down automatically after the system upgrades or downgrades. Product-Group=junosvae |
On the MX10003 platform, if Junos software is upgraded or downgraded from a set of original releases to a set of target releases, the system might detect incorrect temperature values and shut down. The set of the original releases are: Junos 18.2R3, 18.3R3, 18.4R2, 19.1R2, 19.2R1, 19.3R1. The set of the target releases are: Junos pre-18.2R3, pre-18.3R3, pre-18.4R2, pre-19.1R2, pre-19.2R1, and pre-19.3R1 releases. |
PR Number | Synopsis | Category: UI Infrastructure - mgd, DAX API, DDL/ODL |
1519337 | Junos OS: Command injection vulnerability in 'request system software' CLI command (CVE-2021-0219) Product-Group=junos |
A command injection vulnerability in the install package validation subsystem of Juniper Networks Junos OS may allow a locally authenticated attacker with privileges to execute commands with root privilege. To validate a package in Junos before installation, an administrator executes the command 'request system software add validate-on-host' via the CLI. An attacker with access to this CLI command may be able to exploit this vulnerability. Please refer to https://kb.juniper.net/JSA11109 for more information. |
1553577 | The command "request system software validate on host" does not validate the correct configuration file Product-Group=junos |
When using the "request system software validate on host username ", please use the latest os-package on remote host for it to properly use the configuration file sent from the host whose configuration file is being validated. |
PR Number | Synopsis | Category: PTX/QFX10002/8/16 specific software components |
1475871 | Traffic loss might be seen as backup Routing Engine takes around 20 seconds to acquire mastership Product-Group=junos |
On the (MX|PTX|QFX)10008/10016 platforms installed with JNP10K-RE1, when GRES and NSR are configured, the backup RE will take about 20 seconds to acquire mastership after a kernel crash on the master RE. Due to this long switching time, traffic loss might be seen. Normal RE mastership switchovers are not affected by this issue. |
PR Number | Synopsis | Category: MX10K platform |
1481054 | 100G interface may randomly fail to come up after maintenance operations Product-Group=junos |
On MX10008/MX10016 platforms with QSFP-100GBASE-LR4 optics, these 100GE interfaces may randomly fail to come up after maintenance operations (such as power cycle, software upgrade, or reboot of RE/FPC, etc) due to QSFP hardware initialization failure. |
PR Number | Synopsis | Category: NFX Series Platform Software |
---|---|---|
1462556 | Junos OS: NFX350: Password hashes stored in world-readable format (CVE-2020-1669) Product-Group=junos |
The Juniper Device Manager (JDM) container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores password hashes in the world-readable file /etc/passwd. This is not a security best current practice, as it can allow an attacker with access to the local filesystem to brute-force the password hashes stored on the system. Refer to https://kb.juniper.net/JSA11066 for more information. |
PR Number | Synopsis | Category: MX-ELM l2ng stormcontrol |
1552815 | The knob 'action-shutdown' of storm control does not work for ARP broadcast packets Product-Group=junosvae |
With knob 'action-shutdown' configured in storm control scenario, the interface will not go to shutdown state if ARP storm exceeds the configured limit. The excess packets will be dropped normally. |
PR Number | Synopsis | Category: FreeBSD Kernel Infrastructure |
1518898 | The kernel might crash if a file/directory is accessed for the first time and is not created locally. Product-Group=junos |
On Junos with Virtual Filesystem (VirtFS), if a file/directory is accessed for the first time and is not created locally, the kernel might crash and generate a vmcore file. Junos might reboot due to this issue. |
PR Number | Synopsis | Category: uboot & loader for DCG TOR and CB |
1536799 | Software recovery or installation using the Bootable USB Flash Drive option might fail Product-Group=junosvae |
Using "Bootable USB Flash Drive" to recover/install software may fail on the platforms with releases starting from 19.3, after power cycle (off/on). |
PR Number | Synopsis | Category: platform related PRs on SRX branch platforms |
1542931 | Tail drops might occur on branch SRX platforms if shaping-rate is configured on lt- interface Product-Group=junos |
On the branch SRX platforms, if a shaping-rate greater than 2 Mbps and lower than 10 Mbps is set on the lt- interface, the maximum traffic rate might not reach the shaping-rate, or there might be tail drops during traffic bursts. |
PR Number | Synopsis | Category: Virtual Router Redundancy Protocol |
1558560 | Junos device might send VRRP advertisement packets in VRRP init or idle state before startup-silent-period timer expiry after performing GRES on VRRP master device with NSR disabled Product-Group=junos |
If the VRRP master device has dual Routing Engines (REs) and GRES enabled but nonstop-routing (NSR) disabled, after performing GRES, both REs will move to VRRP init and then idle state, and the new master RE will send VRRP advertisement packets in this stage before startup-silent-period timer expiry. Since the VRRP backup device can still receive the VRRP advertisement packets with higher priority, it will not transition to VRRP master state, which causes longer traffic downtime until the VRRP master device retakes the VRRP mastership after startup-silent-period timer expiry. |