19.3R2-S6: Software Release Notification for JUNOS Software Version 19.3R2-S6

Article ID: TSB18092 TECHNICAL_BULLETINS Last Updated: 13 Jul 2021 Version: 3.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, vMX, vSRX
Alert Description:
Junos Software Service Release version 19.3R2-S6 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as needed and follow the prompts
Solution:

NOTE: Due to a software error, Junos software version 19.3R2-S6 does not work with MPC11. Do not use this software on an MX system with MPC11 line cards - see TSB18104.

19.3R2-S6 - List of Fixed issues

PR Number Synopsis Category: EX4300 PFE
1545530 Junos OS: EX4300: FPC crash upon receipt of specific frames on an interface without L2PT or dot1x configured (CVE-2021-0242)
Product-Group=junos
A vulnerability due to the improper handling of direct memory access (DMA) buffers on EX4300 switches on Juniper Networks Junos OS allows an attacker sending specific unicast frames to trigger a Denial of Service (DoS) condition by exhausting DMA buffers, causing the FPC to crash and the device to restart. The DMA buffer leak is seen when receiving these specific, valid unicast frames on an interface without Layer 2 Protocol Tunneling (L2PT) or dot1x configured. Interfaces with either L2PT or dot1x configured are not vulnerable to this issue. Please refer to https://kb.juniper.net/JSA11135 for more information.
PR Number Synopsis Category: MPC11 fabric card SFB3 and related issues
1516287 On the MX2020 and MX2010 routers, the SPMB CPU is elevated when an SFB3 is installed.
Product-Group=junos
Elevated SPMB CPU utilization is seen when an MX2020/MX2010 is fully populated with SFB3s. This is due to polling of state, temperature and voltage sensors. There is no impact. The polling frequency of the temperature sensors was reduced to lower the CPU utilization by a few percent.
PR Number Synopsis Category: QFX PFE MPLS
1528409 Junos OS: EX4300-MP/EX4600/EX4650/QFX5K Series: Packet Forwarding Engine manager (FXPC) process crashes when deployed in a Virtual Chassis (VC) configuration (CVE-2021-0237)
Product-Group=junos
On Juniper Networks EX4300-MP Series, EX4600 Series, EX4650 Series, QFX5K Series deployed as a Virtual Chassis with a specific Layer 2 circuit configuration, Packet Forwarding Engine manager (FXPC) process may crash and restart upon receipt of specific layer 2 frames. Refer to https://kb.juniper.net/JSA11132 for more information.
PR Number Synopsis Category: JUNOS kernel/ukernel changes for ACX
1509402 On the ACX710 router, the Packet Forwarding Engine might crash and the fpc process might remain down.
Product-Group=junos
On ACX710 platform, after the PTP(Precision Time Protocol) configuration is removed and the router is rebooted, the PFE might crash and the FPC remains down if PTP traffic is still coming into the router. This issue might also happen when SyncE is configured. This causes the router to crash and not come up.
PR Number Synopsis Category: Border Gateway Protocol
1541768 The rpd process generates the core file at gp_rtarget_tsi_update,bgp_rtarget_flash_rt,bgp_rtarget_flash.
Product-Group=junos
If the RTarget module tries to access an active route that does not exist (because the next hop is not resolved), a reference is taken on the nonexistent active route and rpd crashes.
PR Number Synopsis Category: Track PRs in BGP Flow Spec area & is part of BGP inside RPD.
1537085 Junos OS: A specific BGP VPNv6 flowspec message causes routing protocol daemon (rpd) process to crash with a core (CVE-2021-0236)
Product-Group=junos
Due to an improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved the Routing Protocol Daemon (RPD) service, upon receipt of a specific matching BGP packet meeting a specific term in the flowspec configuration, crashes and restarts causing a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Refer to https://kb.juniper.net/JSA11131 for more information.
PR Number Synopsis Category: MX Platform SW - UI management
1537194 The chassisd memory leak might cause traffic loss.
Product-Group=junos
On MX/PTX platforms with 18.1 or higher release, a chassisd memory leak may be caused by configuration commit. When chassisd consumes ~3.4GB of memory it may crash, and a chassisd crash may cause GRES and/or FPC restart. If GRES is enabled, commits are synchronized between REs, so the backup RE chassisd may suffer from the memory leak too.
PR Number Synopsis Category: Class of Service
1556103 The explicit classifier or rewrite-rule might not work as expected for a logical interface if the wildcard configuration is also applied
Product-Group=junos
On all Junos platforms enabled with class of service (CoS), if there is wildcard classifier or rewrite-rule applied to the logical interfaces, the explicit classifier or rewrite-rule which is present for one of the logical interfaces might not work as expected due to this issue.
PR Number Synopsis Category: MX-ELM l2ng stormcontrol
1552815 The action-shutdown command of storm control does not work for the ARP broadcast packets.
Product-Group=junos
With knob 'action-shutdown' configured in storm control scenario, the interface will not go to shutdown state if ARP storm exceeds the configured limit. The excess packets will be dropped normally.
PR Number Synopsis Category: QFX Control Plane VXLAN
1548415 Junos OS: Remote code execution vulnerability in overlayd service (CVE-2021-0254)
Product-Group=junos
A buffer size validation vulnerability in the overlayd service of Juniper Networks Junos OS may allow an unauthenticated remote attacker to send specially crafted packets to the device, triggering a partial Denial of Service (DoS) condition, or leading to remote code execution (RCE). Continued receipt and processing of these packets will sustain the partial DoS. Please refer to https://kb.juniper.net/JSA11147 for more information.
PR Number Synopsis Category: EX4400 platform
1573889 EX4400: Mgmt LEDs are not working as per expectations
Product-Group=junos
Below is the status of the management LED when speed is set to: 1. 10m - Activity LED is not blinking when ping/traffic is running (instead it remains steady GREEN) 2. 100m - Activity LED is blinking without any ping/traffic.
PR Number Synopsis Category: Express PFE L2 fwding Features
1486614 Junos OS: QFX10002-32Q, QFX10002-60C, QFX10002-72Q, QFX10008, QFX10016: In EVPN-VXLAN scenarios receipt of specific genuine packets by an adjacent attacker will cause a kernel memory leak in FPC. (CVE-2021-0272)
Product-Group=junos
A kernel memory leak in QFX10002-32Q, QFX10002-60C, QFX10002-72Q, QFX10008, QFX10016 devices Flexible PIC Concentrators (FPCs) on Juniper Networks Junos OS allows an attacker to send genuine packets destined to the device to cause a Denial of Service (DoS) to the device. Please refer to https://kb.juniper.net/JSA11163 for more information.
PR Number Synopsis Category: SRX4100/SRX4200 platform software
1547953 On vSRX2.0, vSRX3.0, SRX1500, SRX4100, SRX4200, SRX4600 running chassis cluster in Junos OS Release 18.3 or later, multiple messages of "LCC: ch_cluster_lcc_set_context:564: failed to lock chassis_vmx mutex 11" are generated in the chassisd log file. These messages may recur after every few seconds and they do not have any impact on system operation.
Product-Group=junos
On vSRX2.0, vSRX3.0, SRX1500, SRX4100, SRX4200, SRX4600 running Chassis Cluster in Junos 18.3 or later, multiple messages of "LCC: ch_cluster_lcc_set_context:564: failed to lock chassis_vmx mutex 11" are generated in the chassisd log file. These messages may reoccur after every few seconds and they do not have any impact on system operation.
PR Number Synopsis Category: jdhcpd daemon
1491349 The jdhcpd memory leak might be observed in subscriber scenario
Product-Group=junos
On all Junos platforms, the jdhcpd memory leak might be seen during DHCPv4/DHCPv6 subscriber logout. The memory leak will be proportional to subscriber scale as the leak will happen for each client entry.
1564434 Junos OS: Receipt of malformed DHCPv6 packets causes jdhcpd to crash and restart. (CVE-2021-0240)
Product-Group=junos
On Juniper Networks Junos OS platforms configured as DHCPv6 local server or DHCPv6 Relay Agent, the Juniper Networks Dynamic Host Configuration Protocol Daemon (JDHCPD) process might crash if a malformed DHCPv6 packet is received, resulting in a restart of the daemon. The daemon automatically restarts without intervention, but continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Please refer to https://kb.juniper.net/JSA11168 for more information.
PR Number Synopsis Category: Addresses ALG issues found in JSF
1462984 On the SRX5000 line of devices, the H323 call with NAT64 could not be established.
Product-Group=junos
On SRX5000 platforms, the H323 call with NAT enabled cannot be established when the H323 GK (Gatekeeper) works in direct mode.
PR Number Synopsis Category: PFE infra to support jvision
1547698 The SENSOR APP DWORD leak is observed during the period of churn for routes bound to the sensor group.
Product-Group=junos
SENSOR APP DWORD leak observed during the period of churn for routes bound to Sensor group. Sensor types that are affected are Segment Routing, Segment Routing-TE, LDP and RSVP LSPs. https://kb.juniper.net/TSB17912
PR Number Synopsis Category: Label Distribution Protocol
1533254 Process rpd may crash in LDP scenario
Product-Group=junos
On all Junos platforms in an LDP scenario, the rpd process may crash when LDP learns a new LDP route with an existing LDP FEC. This situation is usually caused by route refresh, such as replacing an FPC.
PR Number Synopsis Category: Multiprotocol Label Switching
1486657 Traffic loss might be observed while performing GRES in an MPLS setup
Product-Group=junos
In an MPLS scenario, when a loopback interface is configured with more than two addresses and label-switched-path (LSP) is using the secondary address, traffic loss might be observed while performing GRES.
PR Number Synopsis Category: MQTT protocol, Mosquitto Broker and Client API
1522265 Junos OS: Receipt of specific packets could lead to Denial of Service in MQTT Server (CVE-2021-0229)
Product-Group=junos
An uncontrolled resource consumption vulnerability in Message Queue Telemetry Transport (MQTT) server of Juniper Networks Junos OS allows an attacker to cause MQTT server to crash and restart leading to a Denial of Service (DoS) by sending a stream of specific packets. Please refer to https://kb.juniper.net/JSA11124 for more information.
PR Number Synopsis Category: Fabric Manager for MX
1482124 Fabric healing logic incorrectly makes all MPC line cards go offline in the MX2000 router while the hardware fault is located on one specific MPC line-card slot.
Product-Group=junos
In specific MPC hardware failure conditions within the MX2K platform, fabric healing will attempt to auto-heal the fault location in 3 phases to prevent traffic blackholing. If under such fault conditions only destination timeouts are reported without corresponding link errors, the fabric healing process might restart all MPCs in phase-2 in an auto-healing attempt and if the error condition appears again within 10 minutes the last phase-3 might offline all MPCs in the system. MX2K platform exposure with SFB2, SFB3. With SFB installed only if 'set chassis fabric disable-grant-bypass' is configured.
PR Number Synopsis Category: OS IPv4/ARP/ICMPv4
1511833 The kernel might crash causing the router or the Routing Engine to reboot when performing virtual IP related change.
Product-Group=junos
On all Junos platforms with VRRP enabled, if any configuration involving the virtual IP is deleted and added in the same commit, the kernel might crash. When this happens, the system or the RE will reboot.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1549754 While loading the kernel displays the following error message: GEOM: mmcsd0s.enh: corrupt or invalid GPT detected.
Product-Group=junos
While loading the kernel, user sees the message "GEOM: mmcsd0s.enh: corrupt or invalid GPT detected." This message has no impact on functionality.
1563647 Memory corruption of any binary in /usr/bin/ or /usr/sbin/ may be triggered when a recovery snapshot is being copied to the OAM volume
Product-Group=junos
Memory corruption of a binary from /usr/bin/ or /usr/sbin/ directory can occur if such binary is invoked when a recovery snapshot creation is in progress. The exact symptoms will be different depending on the exact binary and JUNOS version - some programs will show an error, and some programs will crash every time they are executed. Such memory corruption will be persistent until the affected Routing Engine is restarted. Please refer to TSB17954 (https://kb.juniper.net/TSB17954) for further details.
1579331 EX4400: Under some conditions, the FPGA reset reason may be incorrectly shown in console logs as 0.
Product-Group=junos
EX4400: Under some special conditions, such as boot from OAM volume following a graceful/warm reboot, the FPGA reset reason is incorrectly shown in console logs as 0.
PR Number Synopsis Category: Express Chip services software
1546143 Junos OS: PTX Series: Denial of Service in packet processing due to heavy route churn when J-Flow sampling is enabled (CVE-2021-0263)
Product-Group=junos
A vulnerability in the Multi-Service process (multi-svcs) on the FPC of Juniper Networks Junos OS on the PTX Series routers may lead to the process becoming unresponsive, ultimately affecting traffic forwarding, allowing an attacker to cause a Denial of Service (DoS) condition. This can occur during periods of heavy route churn, causing the Multi-Service Process to stop processing updates, without consuming any further updates from kernel. Please refer to https://kb.juniper.net/JSA11154 for more information.
PR Number Synopsis Category: vMX Platform Infrastructure related issue tracking
1548422 Traffic with jumbo frame may be discarded on the vMX platforms
Product-Group=junos
On vMX platforms which are installed on ESXi 6.7 with the vmxnet3 driver, traffic with jumbo frames (packets with MTU more than 1500) may be discarded upon receipt.
PR Number Synopsis Category: QFX EVPN / VxLAN
1555835 Traffic might not pass due to the addition of the VLAN tag 2 while passing through the Virtual Chassis port.
Product-Group=junos
When ingress and egress interfaces are in different FPC on QFX5120VC with OVSDB vxlan, the VLAN tag 2 might be added automatically and the peer device drops it.
PR Number Synopsis Category: KRT Queue issues within RPD
1539601 The rpd memory leak might be observed on the backup Routing Engine due to the flapping of the link.
Product-Group=junos
On all Junos platforms with dual REs, an rpd memory leak may be seen when an AE member interface flaps or upon an immediate restart of the master RE. The memory leak was observed to be around 32 bytes per session; the leak is only seen when the AE has more than 8 legs.
PR Number Synopsis Category: RPD Next-hop issues including indirect, CNH, and MCNH
1534455 Some routes might get incorrectly programmed in the forwarding table in the kernel which is no longer present in rpd.
Product-Group=junos
In a scaled routes scenario, if there is any route change operation when the system is under memory pressure, the rpd might change a route entry but the same is not conveyed to the kernel. This causes a mismatch between routes in rpd and kernel leading to traffic blackhole for the mismatched route entries that are incorrectly programmed in the kernel.
PR Number Synopsis Category: RPD policy options
1523891 The policy configuration might be mismatched between the rpd and mgd process when deactivate policy-options prefix-list is involved in the configuration sequence.
Product-Group=junos
If "deactivate policy-options prefix-list" is involved in configuration sequence along with other policy configurations, the mgd process might not notify the rpd process about the policy configuration changes after committing the configuration. This can cause the policy configuration to be out-of-synchronization between policy database used by rpd and configuration database used by mgd. Due to the missing policy entries in policy database, later the rpd might crash when accessing these entries via CLI command like "show policy".
PR Number Synopsis Category: RPD route tables, resolver, routing instances, static routes
1498377 The route entries might be unstable after being imported into inet6.x RIB through rib-group.
Product-Group=junos
When inet6.x (such as 6.1/6.2/6.3, and so on) is used as a non-primary RIB by rib-group, an issue in the import function might cause the route entries not to be modified correctly for IPv6 format, so the received routes might not be imported successfully into the inet6.x RIB of the routing protocols. Network reachability might then be impacted.
PR Number Synopsis Category: SW PRs for SCBE3 related kernel drivers
1564539 MX platforms with MX-SCBE3 may reboot continuously
Product-Group=junos
A recent change in the kernel boot loader causes a system with MX-SCBE3 to experience Routing Engine kernel memory corruption, which causes the system to reboot continuously.
PR Number Synopsis Category: Trio pfe l3 forwarding issues
1523537 The BFD session status remains down at the non-anchor FPC even though the BFD session is up after the anchor FPC reboots or panics.
Product-Group=junos
On all platforms with multiple line cards used, after anchor FPC reboot/panic, the BFD session status at non-anchor FPC might be wrong which might cause traffic loss.
 

19.3R2-S6 - List of Known issues

PR Number Synopsis Category: Fast Ethernet interfaces
1436327 The control logical interface is not created along with physical interface by default on MX/EX/SRX
Product-Group=junos
The control logical interface (IFL unit is 16386) is not created along with the physical interface (ge/xe/et) by default on MX/EX/SRX if the IFL is not configured explicitly. This could cause a protocol (e.g. LLDP) that uses the control logical interface not to work.
PR Number Synopsis Category: jl2tpd daemon
1537772 Junos OS: MX Series: Executing CLI command repetitively may cause the system to run out of disk space (CVE-2021-0238)
Product-Group=junos
When an MX Series device is configured as a Broadband Network Gateway (BNG) based on Layer 2 Tunneling Protocol (L2TP), executing a certain CLI command may cause the system to run out of disk space; excessive disk usage may cause other complications. Please refer to https://kb.juniper.net/JSA11133 for more information.
PR Number Synopsis Category: Security platform jweb support
1501588 Junos OS: J-Web can be compromised through reflected client-side HTTP parameter pollution attacks. (CVE-2021-0269)
Product-Group=junos
The improper handling of client-side parameters in J-Web of Juniper Networks Junos OS allows an attacker to perform a number of different malicious actions against a target device when a user is authenticated to J-Web. Refer to https://kb.juniper.net/JSA11160 for more information.
1503569 Junos OS: J-Web has an Improper Neutralization of CRLF Sequences in its HTTP Headers which allows an attacker to carry out multiple types of attacks. (CVE-2021-0268)
Product-Group=junos
An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') weakness in J-Web of Juniper Networks Junos OS leads to buffer overflows, segment faults, or other impacts, which allows an attacker to modify the integrity of the device and exfiltrate information from the device without authentication. Refer to https://kb.juniper.net/JSA11159 for more information.
PR Number Synopsis Category: MPC11 ULC platform software related issues.
1486315 The MPC10E/MPC11E might crash with aftd-trio core-dump when there are a lot of configuration churns with AE interfaces
Product-Group=junos
From 19.3R2 19.4R1, when there are a lot of configuration churns with AE interfaces on MPC10E/MPC11E, the MPC might crash due to a null pointer issue. This is a rare issue.
PR Number Synopsis Category: Multiprotocol Label Switching
1573517 The rpd process on the transit node might crash when MPLS traceroute on the ingress node is performed
Product-Group=junos
On all Junos and EVO platforms with Label Distribution Protocol (LDP) enabled, when a BGP peer goes down, if an MPLS LSP traceroute is performed before the ingress node is updated about the BGP peer going down, the rpd process might crash on the transit node.
PR Number Synopsis Category: vMX Data Plane Issues
1534145 The riot might crash due to a rare issue if vMX runs in the performance mode.
Product-Group=junos
If the vMX product is configured to run in performance mode via configuring "chassis fpc 0 performance-mode" (Note: performance mode is enabled by default starting from Junos OS Release 15.1F6), flow cache will be used to improve the traffic forwarding performance. With performance mode enabled, if traffic causes a single flow in the flow cache to have a large number of flow actions which hits the max supported number (i.e. 18) of flow actions (typically, the addition of lots of firewall counters and policers in a single flow can make it add up), the riot might crash. It is a rare issue.
1534568 Inconsistent core.python2.7.mpc0 core file is seen with stacktrace @ea_wi_precl,@ea_macsec_receive.
Product-Group=junos
Modification History:
2021-07-13 - Update the warning with TSB18104 - MPC11E software recall
2021-07-07 - update to include a warning that 19.3R2-S6 does not work with MPC11E
First publication 2021-06-25