Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

17.4R2-S13: Software Release Notification for JUNOS Software Version 17.4R2-S13

0

0

Article ID: TSB18025 TECHNICAL_BULLETINS Last Updated: 08 Apr 2021Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, MX, EX, PTX, QFX, vMX, vRR, NFX, SRX, vSRX.
Alert Description:
Junos Software Service Release version 17.4R2-S13 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 17.4R2-S13 is now available.

17.4R2-S13 - List of Fixed issues
PR Number Synopsis Category: EX4300 PFE
1376504 On EX4300-48MP, syslog error "Error in bcm_port_sample_rate_set(ifl_cmd) : Reason Invalid port" is seen.
Product-Group=junos
On EX4300-48MP, while running regression scripts, got syslog error "On EX4300-48MP, while running regression scripts, got"
PR Number Synopsis Category: CoS support on ACX
1493518 On the ACX5048 and ACX5096 routers, the LACP control packets might be dropped due to high CPU utilization.
Product-Group=junos
On ACX5048/ACX5096 platforms, when one of the child links in AE goes down brings entire AE down due to high CPU.LACP control packets might get dropped as the port is blocked for a temporary period.
PR Number Synopsis Category: ACX L2 related features
1565642 ACX5048: Entry for mac address from which no traffic is seen for mac age timer does not age out if there is active traffic destined for this mac
Product-Group=junos
As per the current code, ACX would not delete a mac address from the mac table there is- (a) traffic destined to the mac address or (b) traffic sourced from the mac address or (c) both Fix of this PR will allow ACX to only look at (b) traffic sourced from mac address before deleting the mac address entry from mac table. So, if there is no traffic sourced from the mac for an interval of mac aging timer, the mac would be deleted from the mac table at the end of mac aging timer with out taking into account the traffic destined to the mac address.
PR Number Synopsis Category: ACX Services feature
1382322 DHCP relay doesn't work when DHCP server is connected via IRB interface of DHCP relay device
Product-Group=junos
ON ACX2200 platform, with DHCP-RELAY enable and DHCP server connected via IRB interface of dhcp-relay device
1559690 The fxpc(dc-pfe) process crash may be seen on ACX5048/5096 with analyzer configuration
Product-Group=junos
On ACX5048/5096 platforms with analyzer configuration, the fxpc (dc-pfe) will crash if the route to the monitoring server (output ip-address) resolves to unilist next-hop.
PR Number Synopsis Category: Bi Directional Forwarding Detection (BFD)
1518106 The BFD sessions might flap continuously after disruptive switchover followed by GRES
Product-Group=junos
Disruptive switchover (no GRES or NSR configured) can lead to stale PPM entries programmed on the new master Routing Engine. If both GRES and NSR are activated after disruptive switchover and then a GRES switchover is performed, BFD sessions might flap continuously.
PR Number Synopsis Category: Border Gateway Protocol
1487486 The rpd might crash with BGP RPKI enabled in a race condition
Product-Group=junos
On all Junos platforms with BGP PRKI (Resource Public Key Infrastructure) scenario, if NSR is enabled and scale routes and ROAs exist, in a very rare case, the ROA (route origin authorization) might be withdrawn before replicating to the backup RE when ROA changes happen, which results in the rpd crash.
PR Number Synopsis Category: This is for all defects raised against dns-proxy feature
1512212 Junos OS: SRX Series: ISC Security Advisory: BIND does not sufficiently limit the number of fetches performed when processing referrals (CVE-2020-8616)
Product-Group=junos
On Juniper Networks Junos OS SRX Series devices an uncontrolled resource consumption vulnerability in BIND may allow an attacker to cause a Denial of Service (DoS) condition. When these devices are configured to use DNS Proxy, these devices do not sufficiently limit the number of fetches performed when processing referrals. In order for a server performing recursion to locate records in the DNS graph it must be capable of processing referrals, such as those received when it attempts to query an authoritative server for a record which is delegated elsewhere. In its original design BIND (as well as other nameservers) does not sufficiently limit the number of fetches which may be performed while processing a referral response. A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. Refer to https://kb.juniper.net/JSA11090 for more information.
PR Number Synopsis Category: to track infrastructure replication bugs
1376774 FPCs rebooted although the MXVC ISSU output looks like successful
Product-Group=junos
FPCs rebooted although the MXVC ISSU output looks like successful. The root cause here is when FPCs diconnected from VC-Bm and tries to re-connect to new VC-Mm installed in the last stage of ISSU, pfe peer was marked as Closed and got cleaned up on disconnect from VC-Bm(VC-Bm in ISSU turned to VC-Mm).
PR Number Synopsis Category: PFE infra to support jvision
1547698 SENSOR APP DWORD leak is observed during the period of churn for routes bound to the sensor group.
Product-Group=junos
SENSOR APP DWORD leak observed during the period of churn for routes bound to Sensor group. Sensor types that are affected are Segment Routing, Segment Routing-TE, LDP and RSVP LSPs.
PR Number Synopsis Category: Layer 2 Control Module
1561235 The l2cpd core might be seen on reboot
Product-Group=junos
When xSTP is used, the l2cpd core might be seen on reboot. This will be a one-time core and will not impact on functionality.
PR Number Synopsis Category: Layer2 forwarding on EX/NTF/PTX/QFX
1377714 QFX10008: 'Tried to send packet with no output interface' syslog error message observed continuously
Product-Group=junos
Error message 'Tried to send packet with no output interface' seen in QFX10k8. This is cosmetic issue. Fix will detect error earlier in L2alm and can control log display.
PR Number Synopsis Category: Multicast for L3VPNs
1546739 MVPN multicast route entry might not be properly updated with the actual downstream interfaces list.
Product-Group=junos
In multicast VPN RPT-SPT mode with both locally and remotely connected receivers, the multicast forwarding entry related to the actual downstream interfaces may not be properly updated. The issue may happen when multicast forwarding entry is created by locally connected PIM receiver, followed by remote receiver and after local receiver decides to prune its membership in that multicast group.
PR Number Synopsis Category: IDS features available on MS-MPC/MIC
1536100 Junos OS: MX Series: Dynamic filter fails to match IPv6 prefix (CVE-2021-0205)
Product-Group=junos
When the "Intrusion Detection Service" (IDS) feature is configured on Juniper Networks MX series with a dynamic firewall filter using IPv6 source or destination prefix, it may incorrectly match the prefix as /32, causing the filter to block unexpected traffic. Refer to https://kb.juniper.net/JSA11095 for more information.
PR Number Synopsis Category: MX104 Software - Chassis Daemon
1453893 FPC/PFE crash may happen with ATM MIC installed in the FPC.
Product-Group=junos
FPC crash on MX240 and MX2020 routers or Packet Forwarding Engine crash on MX104 routers might happen when the MIC-3D-8OC3-2OC12-ATM is installed and ATM interface is configured.
PR Number Synopsis Category: Protocol Independant Multicast
1500125 Some PIM join or prune packets might not be processed in the first attempt in the scale scenario where the PIM routers establish neighborship and immediately join the multicast group
Product-Group=junos
On all Junos platforms with scaling MVPN scenario, some PIM Join/Prune messages may not be processed for the first attempt. For instance, a dedicated PIM router receives more than 2500 PIM hello packets from the new neighbors, followed by PIM Join packets for the same multicast group in a very short period of time.
PR Number Synopsis Category: PTP related issues.
1557758 Packets corruption on 100G/40G interface configured with protocol PTP.
Product-Group=junos
On MX Platform with any of these linecards -MPC9E/JNP10K-LC2101/JNP10003-LC2103/MX204-MPC, Packets corruption might occur with enabling PTP(Protocol Time protocol) on 100G/40G interfaces mapped to Channelized MAC.
PR Number Synopsis Category: RPD Next-hop issues including indirect, CNH, and MCNH
1561984 The rpd crash might be observed during processing huge amount of PIM prune messages
Product-Group=junos
In MVPN scenario, if huge amount of PIM prune messages (e.g. more than 3500 receivers for more than 3 multicast groups) are processed on a Junos device, the rpd crash might occur.
PR Number Synopsis Category: Resource Reservation Protocol
1493718 JSA11098 Junos OS and Junos OS Evolved: In bidirectional LSP configurations, on MPLS egress router RPD may core upon receipt of specific malformed RSVP packet. (CVE-2021-0208)
Product-Group=junos
An improper input validation vulnerability in the Routing Protocol Daemon (RPD) service of Juniper Networks Junos OS allows an attacker to send a malformed RSVP packet when bidirectional LSPs are in use, which when received by an egress router crashes the RPD causing a Denial of Service (DoS) condition. Please refer to https://kb.juniper.net/JSA11098 for further information.
PR Number Synopsis Category: Sangria Platform including chassisd, RE, CB, power managemen
1551291 The chassisd might crash with faulty SIB3 on PTX3000 platform
Product-Group=junos
On PTX3000 platform with a faulty SIB3, an interrupt storm might occur. When the interrupts cross chassisd threshold, and offline/online/unplug/insert activity happens on the SIB3, it will result in chassid crash.
PR Number Synopsis Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP)
1381469 Memory leak observed in MS-MPC card.
Product-Group=junos
On MX platform with MS-MPC installed, memory leak can be observed when requesting "vty mspdbg-cli command".
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1559786 It fails if the xml output from command "request vmhost mode test | display xml rpc" is picked and used in netconf
Product-Group=junos
On vmhost platforms, if the xml output from command "request vmhost mode test | display xml rpc" is picked and used in netconf, it will fail. set vmhost mode custom test layer-3-infrastructure cpu count MIN set vmhost mode custom test layer-3-infrastructure memory size MIN set vmhost mode custom test nfv-back-plane cpu count MIN set vmhost mode custom test nfv-back-plane memory size MIN set vmhost mode custom test vnf cpu count MIN
 
Modification History:
First publication 2021-04-08
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search