Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

15.1R7-S9: Software Release Notification for JUNOS Software Version 15.1R7-S9

0

0

Article ID: TSB18041 TECHNICAL_BULLETINS Last Updated: 06 May 2021Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
EX3300/EX4200/EX4500/EX4550/EX6210/EX8208/EX8216
Alert Description:
Junos Software Service Release version 15.1R7-S9 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 15.1R7-S9 is now available.

15.1R7-S9 - List of Fixed issues
PR Number Synopsis Category: QFX Control Plane VXLAN
1548415 Junos OS: Remote code execution vulnerability in overlayd service (CVE-2021-0254)
Product-Group=junos
A buffer size validation vulnerability in the overlayd service of Juniper Networks Junos OS may allow an unauthenticated remote attacker to send specially crafted packets to the device, triggering a partial Denial of Service (DoS) condition, or leading to remote code execution (RCE). Continued receipt and processing of these packets will sustain the partial DoS. Please refer to https://kb.juniper.net/JSA11147 for more information.
PR Number Synopsis Category: Layer 2 Control Module
1561235 The l2cpd process might generate a core file on reboot.
Product-Group=junos
When xSTP is used, the l2cpd core might be seen on reboot. This will be a one-time core and will not impact on functionality.
 

15.1R7-S9 - List of Known issues
PR Number Synopsis Category: jdhcpd daemon
1534814 Junos OS: Receipt of a crafted DHCP packet will cause the jdhcpd DHCP service to core (CVE-2021-0267)
Product-Group=junos
An Improper Input Validation vulnerability in the active-lease query portion in JDHCPD's DHCP Relay Agent of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) by sending a crafted DHCP packet to the device thereby crashing the jdhcpd DHCP service. This is typically configured for Broadband Subscriber Sessions. Please refer to https://kb.juniper.net/JSA11158 for more information.

 
Modification History:
First publication 2021-05-06
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search