Support Support Downloads Knowledge Base Apex Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

20.1R2-S2: Software Release Notification for JUNOS Software Version 20.1R2-S2

0

0

Article ID: TSB18106 TECHNICAL_BULLETINS Last Updated: 16 Jul 2021Version: 2.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, vMX, vSRX
Alert Description:
Junos Software Service Release version 20.1R2-S2 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 20.1R2-S2 is now available.

20.1R2-S2 - List of Changes

PR Number Synopsis Category: BBE database related issues
1592889 Any mmcq based services might crash due to shared memory queues issue happens in a rare condition
Product-Group=junos
In the shared memory queues (mmcq) scenario (e.g. Enhanced Subscriber Management and Next Generation Broadband-Edge Statistics in this case). The BBE statistics are mapped and queued on the shared memory, in a very rare case, if the allocated mmcq of the selected data is disorderly, the improper BBE statistics might be sent/took for the subscriber services, then the bbe-smgd/bbe-statsd might crash. Also, all these kinds of the crash might continue due to the persistence of shared memory values, then the mmcq based services will not work until performing GRES or rebooting the RE.
PR Number Synopsis Category: EX4400 platform
1573889 EX4400: Mgmt LEDs are not working as per expectations
Product-Group=junos
Below is the status of management LED when speed is set to: 1. 10m - Activity LED is not blinking when ping/traffic is runnig (instead it is remaining steady GREEN) 2. 100m - Activity LED is blinking without any ping/traffic.
PR Number Synopsis Category: Express PFE L3 Multicast
1539194 Junos OS: QFX10K Series: Denial of Service (DoS) upon receipt of DVMRP packets received on multi-homing ESI in VXLAN. (CVE-2021-0295)
Product-Group=junos
A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) of Juniper Networks Junos OS on the QFX10K Series switches allows an attacker to trigger a packet forwarding loop, leading to a partial Denial of Service (DoS). The issue is caused by DVMRP packets looping on a multi-homed Ethernet Segment Identifier (ESI) when VXLAN is configured. DVMRP packets received on a multi-homed ESI are sent to the peer, and then incorrectly forwarded out the same ESI, violating the split horizon rule. Refer to https://kb.juniper.net/JSA11208 for more information.
PR Number Synopsis Category: jdhcpd daemon
1564434 Junos OS: Receipt of malformed DHCPv6 packets causes jdhcpd to crash and restart. (CVE-2021-0240)
Product-Group=junos
On Juniper Networks Junos OS platforms configured as DHCPv6 local server or DHCPv6 Relay Agent, the Juniper Networks Dynamic Host Configuration Protocol Daemon (JDHCPD) process might crash if a malformed DHCPv6 packet is received, resulting in a restart of the daemon. The daemon automatically restarts without intervention, but continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Please refer to https://kb.juniper.net/JSA11168 for more information.
PR Number Synopsis Category: Security platform jweb support
1511853 Junos OS: J-Web allows a locally authenticated attacker to escalate their privileges to root. (CVE-2021-0278)
Product-Group=junos
An Improper Input Validation vulnerability in J-Web of Juniper Networks Junos OS allows a locally authenticated attacker to escalate their privileges to root over the target device. Please refer to https://kb.juniper.net/JSA11182 for more information.
1592021 Junos OS: J-Web allows a locally authenticated attacker to escalate their privileges to root. (CVE-2021-0278)
Product-Group=junos
An Improper Input Validation vulnerability in J-Web of Juniper Networks Junos OS allows a locally authenticated attacker to escalate their privileges to root over the target device. Please refer to https://kb.juniper.net/JSA11182 for more information.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1549754 While loading the kernel displays the following error message: GEOM: mmcsd0s.enh: corrupt or invalid GPT detected.
Product-Group=junos
While loading the kernel, user sees the message "GEOM: mmcsd0s.enh: corrupt or invalid GPT detected." This message has no impact on functionality.
1563647 Memory corruption of any binary in /usr/bin/ or /usr/sbin/ may be triggered when a recovery snapshot is being copied to the OAM volume
Product-Group=junos
Memory corruption of a binary from /usr/bin/ or /usr/sbin/ directory can occur if such binary is invoked when a recovery snapshot creation is in progress. The exact symptoms will be different depending on the exact binary and JUNOS version - some programs will show an error, and some programs will crash every time it is executed. Such memory corruption will be persistent until the affected Routing Engine is restarted. Please refer to TSB17954 (https://kb.juniper.net/TSB17954) for further details.
PR Number Synopsis Category: Paradise pfe ddos protection feature
1564807 Junos OS: Upon receipt of specific packets BFD sessions might flap due to DDoS policer implementation in Packet Forwarding Engine (CVE-2021-0280)
Product-Group=junos
On PTX platforms with Paradise (PE) chipset-based line cards, ddos-protection configuration changes made from the CLI will not take effect as expected beyond the default DDoS (Distributed Denial of Service) settings in the Packet Forwarding Engine (PFE). This may cause BFD sessions to flap when a high rate of specific packets are received. Refer to https://kb.juniper.net/JSA11184 for more information.
PR Number Synopsis Category: Path computation client daemon
1488968 Scapa : pccd cored evDispatch
Product-Group=junos
The core is happening only when scripts are run and that too sometimes, never happening manually. It doesn't have any functionality impact. If it ever happens, pccd app will recover automatically and won't cause any service disruption.
1508412 Changing ERO on branch LSP may cause issues
Product-Group=junos
On all Junos and EVO platforms, ERO (Explicit Route object, it defines a path an MPLS TE tunnel takes) update by the controller for branch LSP might cause issues, like deletion of P2MP LSP not happening or traceroute failure.
PR Number Synopsis Category: SW PRs for SCBE3 related kernel drivers
1564539 MX platforms with MX-SCBE3 may reboot continuously
Product-Group=junos
A recent change in the kernel boot loader causes a system with MX-SCBE3 to experience the Routing Enginne's kernel memory corruption which causes the system to reboot continuously.
 

20.1R2-S2 - List of Known issues

N/A
Modification History:
2021-07-14 First publication date
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search