19.2R1-S6: Software Release Notification for JUNOS Software Version 19.2R1-S6


Article ID: TSB18019 TECHNICAL_BULLETINS Last Updated: 26 Mar 2021 Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, vMX, vSRX
Alert Description:
Junos Software Service Release version 19.2R1-S6 is now available for download from the Junos software download site.
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as needed and follow the prompts
Solution:

Junos Software Service Release version 19.2R1-S6 is now available.

19.2R1-S6 - List of Fixed issues
PR Number Synopsis Category: EX2300/3400 platform
1535106 EX2300/EX3400: RTC ERROR and SETTIME failed messages are seen
Product-Group=junos
On EX2300 and EX3400 series, RTC ERROR and SETTIME failed messages may sometimes be observed without any trigger.
PR Number Synopsis Category: NFX Layer 3 Features Software
1437824 "LIBCOS_COS_TVP_FC_INFO_NOT_FOUND: Forwarding-class information not specified" messages seen while committing configurations
Product-Group=junos
"LIBCOS_COS_TVP_FC_INFO_NOT_FOUND: Forwarding-class information not specified" messages might be seen while committing CoS configurations on PTX/MX/NFX
PR Number Synopsis Category: Accounting Profile
1509114 The pfed might crash when running 'show pfe fpc x'.
Product-Group=junos
When the pfed is running on a 64 bit machine, it might crash after issuing the command "show pfe fpc x".
PR Number Synopsis Category: JUNOS kernel/ukernel changes for ACX
1509402 On the ACX710 router, the Packet Forwarding Engine might crash and the fpc process might remain down.
Product-Group=junos
On ACX710 platform, after the PTP(Precision Time Protocol) configuration is removed and the router is rebooted, the PFE might crash and the FPC remains down if PTP traffic is still coming into the router. This issue might also happen when SyncE is configured. This causes the router to crash and not come up.
PR Number Synopsis Category: Track PRs in BGP Flow Spec area & is part of BGP inside RPD.
1539109 Junos OS and Junos OS Evolved: Upon receipt of a specific BGP FlowSpec message network traffic may be disrupted. (CVE-2021-0211)
Product-Group=junos
Upon receipt of a specific BGP FlowSpec message network traffic may be disrupted. Please refer to https://kb.juniper.net/JSA11101 for more information.
PR Number Synopsis Category: MX-ELM l2ng stormcontrol
1552815 The knob 'action-shutdown' of storm control does not work for ARP broadcast packets
Product-Group=junos
With knob 'action-shutdown' configured in storm control scenario, the interface will not go to shutdown state if ARP storm exceeds the configured limit. The excess packets will be dropped normally.
PR Number Synopsis Category: Firewall Filter
1465093 On MX10008 and MX10016 routers, the bandwidth-limit policer cannot be set higher than 100 gigabits.
Product-Group=junos
MX10008 and MX10016's "policer bandwidth-limit" can not be set higher than 100G.
PR Number Synopsis Category: This is for all defects raised against dns-proxy feature
1512212 Junos OS: SRX Series: ISC Security Advisory: BIND does not sufficiently limit the number of fetches performed when processing referrals (CVE-2020-8616)
Product-Group=junos
On Juniper Networks Junos OS SRX Series devices an uncontrolled resource consumption vulnerability in BIND may allow an attacker to cause a Denial of Service (DoS) condition. When these devices are configured to use DNS Proxy, these devices do not sufficiently limit the number of fetches performed when processing referrals. In order for a server performing recursion to locate records in the DNS graph it must be capable of processing referrals, such as those received when it attempts to query an authoritative server for a record which is delegated elsewhere. In its original design BIND (as well as other nameservers) does not sufficiently limit the number of fetches which may be performed while processing a referral response. A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. Refer to https://kb.juniper.net/JSA11090 for more information.
PR Number Synopsis Category: Express PFE MPLS Features
1502385 The following error message might be observed during MPLS route add, change, or delete operation: mpls_extra NULL.
Product-Group=junos
On ACX, PTX and QFX platforms, after flapping MPLS routes, the error message "mpls_extra NULL" might be seen and the traffic might be impacted.
PR Number Synopsis Category: Express ASIC interface
1461404 On the PTX5000 routers, for the FPC3 line card, the optics-options syslog and link-down do not work as expected.
Product-Group=junos
On PTX5k with FPC3-PTX-U3 (FPC), T6E PIC with QSFP optics (15x100GE/15x40GE/60x10GE QSFP28, 96x10/24x40GE QSFP 28, 10x100GE/10x40GE/40x10GE QSFP28 PIC), optics-options syslog and link-down are not working as expected. For example, for a Low Warning Breach event, when the configured action is syslog only, the link goes down, which results in traffic drop.
PR Number Synopsis Category: Integrated Routing & Bridging (IRB) module
1436924 IRB over VTEP unicast traffic might get dropped on MX Series platforms.
Product-Group=junos
On EX9200/MX platforms running as Provider Edge (PE) nodes in Ethernet Virtual Private Network (EVPN) and Virtual extension LAN (VxLAN) scenario, if the enhanced-ip mode is enabled for chassis configuration, and the EVPN routing instance is configured with Integrated Routing and Bridging (IRB) interface, the unicast traffic which is sent through IRB over Virtual Tunnel End Point (VTEP) might get dropped since it couldn't get routed towards core network due to this issue. [TSB17770]
PR Number Synopsis Category: ISIS routing protocol
1514867 The IS-IS SR routes might not be updated to reflect the change in the SRMS advertisements.
Product-Group=junos
On all Junos platforms, ISIS protocol running with Segment Routing and LDP, if both ISIS levels are enabled on all routers and if conflicting ISIS Segment Routing Mapping Server(SRMS) advertisements are present across the ISIS topology, removal of the preferred SRMS advertisement by the originating node might not be reflected in the corresponding ISIS SR routes on the other nodes. The Labeled-ISIS (ISIS-SR) routes might not be updated to reflect the change in SRMS advertisements. This could potentially lead to traffic drops.
PR Number Synopsis Category: PFE infra to support jvision
1547698 SENSOR APP DWORD leak is observed during the period of churn for routes bound to the sensor group.
Product-Group=junos
SENSOR APP DWORD leak observed during the period of churn for routes bound to Sensor group. Sensor types that are affected are Segment Routing, Segment Routing-TE, LDP and RSVP LSPs.
PR Number Synopsis Category: Layer 2 Control Module
1561235 The l2cpd core might be seen on reboot
Product-Group=junos
When xSTP is used, the l2cpd core might be seen on reboot. This will be a one-time core and will not impact on functionality.
PR Number Synopsis Category: Label Distribution Protocol
1527197 LDP routes might be deleted from MPLS routing table after RE switchover
Product-Group=junos
On all Junos platforms with NSR and segment routing for ISIS configured, LDP routes might be deleted on new master RE's MPLS routing table after RE switchover.
PR Number Synopsis Category: Issues related to Junos licensing infrastructure
1519336 Junos OS: Command injection vulnerability in license-check daemon (CVE-2021-0218)
Product-Group=junos
A command injection vulnerability in the license-check daemon of Juniper Networks Junos OS may allow a locally authenticated attacker with low privileges to execute commands with root privilege. Please refer to https://kb.juniper.net/JSA11108 for more information.
PR Number Synopsis Category: Multiprotocol Label Switching
1465902 The device might use the local-computed path for the PCE-controlled LSPs after link/node failure.
Product-Group=junos
In a Path Computation Element Communication Protocol (PCEP) scenario where the link/node protection is enabled, the PCE-controlled LSPs may shift to the local-computed path after link/node failure upon path retry processing.
1467278 The rpd might crash in PCEP for the RSVP-TE scenario.
Product-Group=junos
In a PCEP (Path Computation Element Protocol) with RSVP Traffic Engineered LSP (TE LSP) scenario, two LSPs with the same TE LSP name might be shared between the Path Computation Element (PCE) and the Path Computation Client (PCC) in some rare cases. Then, if the configuration of the LSP is delegated from the CLI and externally controlled by the PCC at the same time, the rpd might crash.
PR Number Synopsis Category: Fabric Manager for MX
1482124 Fabric healing logic incorrectly makes all MPC line cards go offline in the MX2000 router while the hardware fault is located on one specific MPC line card slot
Product-Group=junos
In specific MPC hardware failure conditions within the MX2K platform, fabric healing will attempt to auto-heal the fault location in 3 phases to prevent traffic blackholing. If under such fault conditions only destination timeouts are reported without corresponding link errors, the fabric healing process might restart all MPCs in phase-2 in an auto-healing attempt and if the error condition appears again within 10 minutes the last phase-3 might offline all MPCs in the system. MX2K platform exposure with SFB2, SFB3. With SFB installed only if 'set chassis fabric disable-grant-bypass' is configured.
PR Number Synopsis Category: IDS features available on MS-MPC/MIC
1536100 Junos OS: MX Series: Dynamic filter fails to match IPv6 prefix (CVE-2021-0205)
Product-Group=junos
When the "Intrusion Detection Service" (IDS) feature is configured on Juniper Networks MX series with a dynamic firewall filter using IPv6 source or destination prefix, it may incorrectly match the prefix as /32, causing the filter to block unexpected traffic. Refer to https://kb.juniper.net/JSA11095 for more information.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1500902 The redundancy gmac drivers might cause the unexpected behaviors in the EX2300, EX2300-MP, EX3400, ACX710 platforms
Product-Group=junos
If some redundancy gmac drivers are used on the FreeBSD system of the EX2300, EX2300-MP, EX3400, ACX710 platforms, some behaviors might not be consistent between the PHY (physical layer) function and the SerDes (Serializer/Deserializer) function. Then the management connections between the optic interfaces and ASIC/backplane fabric/PICe bus might be unstable, the management traffic (e.g. management interface might be unavailable) might be disrupted.
1525318 Junos OS: telnetd.real Local Privilege Escalation vulnerabilities in SUID binaries (CVE-2021-0223)
Product-Group=junos
A local privilege escalation vulnerability in telnetd.real of Juniper Networks Junos OS may allow a locally authenticated shell user to escalate privileges and execute arbitrary commands as root. Please refer to https://kb.juniper.net/JSA11114 for more information.
1537696 Errors might be seen when dumping vmcore on EX2300/EX3400 series
Product-Group=junos
On EX2300/EX3400, the vmcore might not be available and the device might hang while trying to generate core files via the rescue kernel. This might be caused by the ARM dumper device supporting only a fixed 512 byte block size, rather than scaling to any block size. This might cause loss of debug ability for the device.
PR Number Synopsis Category: Kernel VPLS infrastructure
1516514 Host generated traffic might get lost because the current forwarding member nexthop is down while there is still other member nexthop being up
Product-Group=junos
On Junos devices with "load-balance per-packet" configured, on releases without the PR 1469085 fix, or on releases with the PR 1469085 fix but without the hidden knob "set system kernel-options select-active-unilist-member" configured, host generated traffic may still get forwarded via the current forwarding member nexthop of the unilist nexthop even if that forwarding member nexthop is down, hence there might be traffic loss. PR 1469085 introduced a fix that chooses an active unicast nexthop member of the unilist nexthop when the current forwarding nexthop is down. Currently this logic is controlled by a config knob (system kernel-options select-active-unilist-member) using sysctl "net.sel_actv_ulist_mem". The intent of this PR is to make this behaviour the system default, by detaching the sysctl controlling code from the config knob handler routine. The knob attribute (select-active-unilist-member) is marked deprecated. Further modifications are done to the rnh_is_active() API's logic to always pick a forwardable nexthop.
PR Number Synopsis Category: vMX Data Plane Issues
1534145 The riot might crash due to a rare issue if vMX run in performance mode
Product-Group=junos
If the vMX product is configured to run in performance mode via configuring "chassis fpc 0 performance-mode" (Note: performance mode is enabled by default starting from Junos OS Release 15.1F6), flow cache will be used to improve the traffic forwarding performance. With performance mode enabled, if traffic causes a single flow in the flow cache to have a large number of flow actions which hits the max supported number (i.e. 18) of flow actions (typically, the addition of lots of firewall counters and policers in a single flow can make it add up), the riot might crash. It is a rare issue.
1544856 The riot forwarding daemon crash might be observed on vMX based platforms configured with IRB interface
Product-Group=junos
On vMX based platforms enabled with IRB interface, the riot forwarding daemon crash might be observed which could lead to traffic loss.
PR Number Synopsis Category: vMX Platform Infrastructure related issue tracking
1548422 Traffic with jumbo frame may be discarded on the vMX platforms
Product-Group=junos
On vMX platforms which are installed on ESXi 6.7 with the vmxnet3 driver, traffic with jumbo frames (packets with MTU more than 1500) may be discarded upon receipt.
PR Number Synopsis Category: Interface related issues. Port up/down, stats, CMLC , serdes
1512203 Channelized interfaces might fail to come up.
Product-Group=junos
On QFX5210 platform with knob "auto-speed-detection" enabled (enabled by default), some interfaces might stay in down state due to improper channelization by the device.
PR Number Synopsis Category: QFX L2 PFE
1514145 Junos OS: EX Series and QFX Series: Memory leak issue processing specific DHCP packets (CVE-2021-0217)
Product-Group=junos
A vulnerability in processing of certain DHCP packets from adjacent clients on EX Series and QFX Series switches running Juniper Networks Junos OS with DHCP local/relay server configured may lead to exhaustion of DMA memory causing a Denial of Service (DoS). Over time, exploitation of this vulnerability may cause traffic to stop being forwarded, or cause the fxpc process to crash. Please refer to https://kb.juniper.net/JSA11107 for more information.
PR Number Synopsis Category: RPD policy options
1476530 Support for dynamic tunnels on SRX Series devices was mistakenly removed.
Product-Group=junos
Support for dynamic-tunnels on SRX-Series devices was mistakenly removed.
PR Number Synopsis Category: Resource Reservation Protocol
1493718 JSA11098 Junos OS and Junos OS Evolved: In bidirectional LSP configurations, on MPLS egress router RPD may core upon receipt of specific malformed RSVP packet. (CVE-2021-0208)
Product-Group=junos
An improper input validation vulnerability in the Routing Protocol Daemon (RPD) service of Juniper Networks Junos OS allows an attacker to send a malformed RSVP packet when bidirectional LSPs are in use, which when received by an egress router crashes the RPD causing a Denial of Service (DoS) condition. Please refer to https://kb.juniper.net/JSA11098 for further information.
PR Number Synopsis Category: SW PRs for SCBE3 related kernel drivers
1564539 MX platforms with MX-SCBE3 may reboot continuously.
Product-Group=junos
A recent change in the kernel boot loader causes a system with MX-SCBE3 to experience Routing Engine kernel memory corruption, which causes the system to reboot continuously.
PR Number Synopsis Category: platform related PRs on SRX branch platforms
1512810 Junos OS: SRX Series: A logic error in BIND can be used to trigger a Denial of Service (DoS) (CVE-2020-8617)
Product-Group=junos
A vulnerability in BIND code, used in Juniper Networks Junos OS on SRX Series devices, which checks the validity of messages containing TSIG resource records can be exploited by an attacker to trigger an assertion failure in tsig.c, resulting in a Denial of Service (DoS). Refer to https://kb.juniper.net/JSA11091 for more information.
PR Number Synopsis Category: MX10002 Platform SW - Platform s/w defects
1426120 On MX204 or MX10003, MPC reboot or Routing Engine mastership switchover might occur.
Product-Group=junos
On MX204 and MX10003 platforms, if there's high rate of fragmented traffic received on the em3 interface, em3 watchdog timeout might occur. It could cause MPC reboot or RE mastership switchover.
PR Number Synopsis Category: MX10003/MX204 Linux issues (including driver issues)
1492121 The MX10003 router might shut itself down automatically after the system upgrades or downgrades.
Product-Group=junosvae
On the MX10003 platform, if Junos software is upgraded or downgraded from a set of original releases to a set of target releases, the system might detect incorrect temperature values and shut down. The set of original releases is: Junos 18.2R3, 18.3R3, 18.4R2, 19.1R2, 19.2R1, 19.3R1. The set of target releases is: Junos pre-18.2R3, pre-18.3R3, pre-18.4R2, pre-19.1R2, pre-19.2R1, and pre-19.3R1 releases.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1519337 Junos OS: Command injection vulnerability in 'request system software' CLI command (CVE-2021-0219)
Product-Group=junos
A command injection vulnerability in the install package validation subsystem of Juniper Networks Junos OS may allow a locally authenticated attacker with privileges to execute commands with root privilege. To validate a package in Junos before installation, an administrator executes the command 'request system software add validate-on-host' via the CLI. An attacker with access to this CLI command may be able to exploit this vulnerability. Please refer to https://kb.juniper.net/JSA11109 for more information.
1553577 The command "request system software validate on host" does not validate the correct configuration file
Product-Group=junos
When using the "request system software validate on host username ", please use the latest os-package on remote host for it to properly use the configuration file sent from the host whose configuration file is being validated.
PR Number Synopsis Category: PTX/QFX10002/8/16 specific software components
1475871 Traffic loss might be seen as backup Routing Engine takes around 20 seconds to acquire mastership
Product-Group=junos
On the (MX|PTX|QFX)10008/10016 platforms installed with JNP10K-RE1, when GRES and NSR are configured, backup RE will take about 20 seconds to acquire mastership after kernel crash on master RE. Due to this long switching time, traffic loss might be seen. Normal RE mastership switchovers are not affected by this issue.
PR Number Synopsis Category: MX10K platform
1481054 100G interface may randomly fail to come up after maintenance operations
Product-Group=junos
On MX10008/MX10016 platforms with QSFP-100GBASE-LR4 optics, these 100GE interfaces may randomly fail to come up after maintenance operations (such as power cycle, software upgrade, or reboot of RE/FPC, etc) due to QSFP hardware initialization failure.
 

19.2R1-S6 - List of Known issues
PR Number Synopsis Category: NFX Series Platform Software
1462556 Junos OS: NFX350: Password hashes stored in world-readable format (CVE-2020-1669)
Product-Group=junos
The Juniper Device Manager (JDM) container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores password hashes in the world-readable file /etc/passwd. This is not a security best current practice as it can allow an attacker with access to the local filesystem the ability to brute-force decrypt password hashes stored on the system. Refer to https://kb.juniper.net/JSA11066 for more information.
PR Number Synopsis Category: MX-ELM l2ng stormcontrol
1552815 The knob 'action-shutdown' of storm control does not work for ARP broadcast packets
Product-Group=junosvae
With knob 'action-shutdown' configured in storm control scenario, the interface will not go to shutdown state if ARP storm exceeds the configured limit. The excess packets will be dropped normally.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1518898 The kernel might crash if a file/directory is accessed for the first time and is not created locally.
Product-Group=junos
On the Junos with Virtual Filesystem (VirtFS), if a file/directory is accessed for the first time and is not created locally, the kernel might crash and generate a vmcore file. Junos might reboot due to this issue.
PR Number Synopsis Category: uboot & loader for DCG TOR and CB
1536799 Software recovery or installation using the Bootable USB Flash Drive option might fail
Product-Group=junosvae
Using "Bootable USB Flash Drive" to recover/install software may fail on the platforms with releases starting from 19.3, after power cycle (off/on).
PR Number Synopsis Category: platform related PRs on SRX branch platforms
1542931 Tail drops might occur on branch SRX platforms if shaping-rate is configured on lt- interface
Product-Group=junos
On the branch SRX platforms, if shaping-rate greater than 2 Mbps and lower than 10Mbps is set on the lt- interface, the maximum traffic rate might not reach shaping-rate, or there might be tail drops during traffic burst.
PR Number Synopsis Category: Virtual Router Redundancy Protocol
1558560 Junos device might send VRRP advertisement packets in VRRP init or idle state before startup-silent-period timer expiry after performing GRES on VRRP master device with NSR disabled
Product-Group=junos
If the VRRP master device has dual Routing Engines (REs) and GRES enabled but nonstop-routing (NSR) disabled, after performing GRES, both REs will move to VRRP init and then idle state, and the new master RE will send VRRP advertisement packets in this stage before the startup-silent-period timer expires. Since the VRRP backup device can still receive the VRRP advertisement packets with higher priority, it will not transition to VRRP master state, which causes longer traffic downtime until the VRRP master device retakes VRRP mastership after the startup-silent-period timer expires.
 
Modification History:
First Publication 2021-03-26