17.3R3-S12: Software Release Notification for JUNOS Software Version 17.3R3-S12

Article ID: TSB18110 TECHNICAL_BULLETINS Last Updated: 21 Jul 2021 Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, VRR, vMX
Alert Description:
Junos Software Service Release version 17.3R3-S12 is now available for download from the Junos software download site.
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as needed and follow the prompts
Solution:

Junos Software Service Release version 17.3R3-S12 is now available.

17.3R3-S12 - List of Fixed issues
PR Number Synopsis Category: QFX PFE L2
1582473 MAC addresses learnt from the MC-LAG client device might keep flapping between the ICL interface and MC-AE interface after one child link in the MC-AE interface is disabled.
Product-Group=junos
On QFX/EX Series products using a Broadcom chip-based PFE (i.e., QFX3500/QFX3600/QFX5100/QFX5110/QFX5120/QFX5200/QFX5210/EX4300/EX4600/EX4650), if multichassis link aggregation group (MC-LAG) is configured and the interchassis link (ICL) interface is a physical interface instead of an aggregated Ethernet (AE) interface, then after one of the child links in the multichassis aggregated Ethernet (MC-AE) interface on one of the MC-LAG peers is disabled, the MAC addresses learnt from the MC-LAG client device might keep flapping between the ICL interface and the MC-AE interface. This could cause traffic drops when MAC addresses are learnt on the ICL interface. This issue is only exposed in Junos releases that have the code change in PR 1504586 (which is fixed in Junos: 17.3R3-S9 17.4R3-S3 18.1R3-S11 18.2R3-S6 18.3R3-S3 18.4R2-S6 18.4R3-S6 19.1R3-S2 19.2R3 19.3R3 19.4R3 20.1R2 20.2R2 20.3R1 20.3X75-D10 20.4R1) but do not have the fix for PR 1582473.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1416025 The QFX and EX switch may not install all IRB MAC addresses in the initialization
Product-Group=junos
On QFX5100/QFX5110/QFX5120/QFX5200/EX4600 switches configured as a Layer 3 gateway in an EVPN topology, the switch may not install all MAC addresses for the integrated routing and bridging (IRB) interface in the TCAM table. Although the MAC address for the IRB is installed after removal and reconfiguration, it is missing from the TCAM table again after a reboot.
PR Number Synopsis Category: BBE database related issues
1554539 The subscriber sessions might be missed but stay in the authd after performing ISSU
Product-Group=junos
In the subscriber management environment, the subscriber session might be missed in bbe-smgd (BBE system management daemon) but stay in authd (authentication daemon) after ISSU (In-Service Software Upgrade) or VC (Virtual Chassis) global switchover. Because there is no accounting session stop sent from bbe-smgd, the radius server does not clean up these forgotten sessions and this leads to radius free pool limits which have an impact on the subscribers.
PR Number Synopsis Category: Captive Portal, Content Delivery Daemon, and Service Plugin
1445812 Junos OS: MX Series with MS-PIC, MS-SPC3, MS-MIC or MS-MPC: The BRAS Subscriber Services service activation portal is vulnerable to a Denial of Service (DoS) via malformed HTTP packets (CVE-2021-0251)
Product-Group=junos
A NULL Pointer Dereference vulnerability in the Captive Portal Content Delivery (CPCD) services daemon (cpcd) of Juniper Networks Junos OS on MX Series with MS-PIC, MS-SPC3, MS-MIC or MS-MPC allows an attacker to send malformed HTTP packets to the device thereby causing a Denial of Service (DoS), crashing the Multiservices PIC Management Daemon (mspmand) process thereby denying users the ability to log in, while concurrently impacting other mspmand services and traffic through the device. Please refer to https://kb.juniper.net/JSA11144 for more information.
PR Number Synopsis Category: EA chip ( MQSS SW issues )
1556576 Junos OS: FPC may crash upon receipt of specific MPLS packet affecting Trio-based MPCs (CVE-2021-0288)
Product-Group=junos
If specific malformed MPLS packets are received, forwarding will stop on that Packet Forwarding Engine (PFE) and an MPC crash may result. Refer to https://kb.juniper.net/JSA11190 for more information.
PR Number Synopsis Category: jdhcpd daemon
1564434 Junos OS: Receipt of malformed DHCPv6 packets causes jdhcpd to crash and restart. (CVE-2021-0240)
Product-Group=junos
On Juniper Networks Junos OS platforms configured as DHCPv6 local server or DHCPv6 Relay Agent, the Juniper Networks Dynamic Host Configuration Protocol Daemon (JDHCPD) process might crash if a malformed DHCPv6 packet is received, resulting in a restart of the daemon. The daemon automatically restarts without intervention, but continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Please refer to https://kb.juniper.net/JSA11168 for more information.
PR Number Synopsis Category: TCP/UDP transport layer
1552603 The BGP session replication might fail to start after the session crashes on the backup Routing Engine.
Product-Group=junos
On certain Junos platforms with dual Routing Engines (platforms capable of installing Junos packages with the name format "junos*install"), BGP replication may fail to start in a GRES/NSR setup after a crash on the backup Routing Engine. NSR starts un-replicating the sockets because the backup Routing Engine is no longer present. With multiple BGP sessions (e.g., 20 BGP peers), the large number of unreplicate requests fills the memory buffer, so the BGP unreplicate requests return with an error and the kernel is left with stale data. Because of the stale data, the kernel does not allow JSR (Juniper Socket Replication, BGP in this case) when the backup RE comes up. BGP NSR (Nonstop Routing) is broken under these conditions, and a traffic outage will be observed after performing GRES.
1595649 Junos OS: Upon receipt of specific sequences of genuine packets destined to the device the kernel will crash and restart (vmcore) (CVE-2021-0283, CVE-2021-0284)
Product-Group=junos
A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device thereby causing a Denial of Service (DoS). Please refer to https://kb.juniper.net/JSA11200 for more information.
PR Number Synopsis Category: Paradise pfe ddos protection feature
1564807 Junos OS: Upon receipt of specific packets BFD sessions might flap due to DDoS policer implementation in Packet Forwarding Engine (CVE-2021-0280)
Product-Group=junos
On PTX platforms and QFX10K Series with Paradise (PE) chipset-based line cards, ddos-protection configuration changes made from the CLI will not take effect as expected beyond the default DDoS (Distributed Denial of Service) settings in the Packet Forwarding Engine (PFE). This may cause BFD sessions to flap when a high rate of specific packets are received. Refer to https://kb.juniper.net/JSA11184 for more information.
PR Number Synopsis Category: Express Chip L3 software
1582780 On the QFX10000 line of switches, the firewall filter logs are incorrectly populated with protocol 8847 entries.
Product-Group=junos
When an MPLS TTL 1 packet is received by the QFX10K, the PE Chip traps a copy and sends it to the host path with sample class SAMPLE_CLASS_EXCEPTION - this is expected. However, the PE chip is trapping and sending an additional copy to the host path with sample class SAMPLE_CLASS_PFE due to the lkup type property set incorrectly. This causes the firewall filter log to be filled with entries for protocol 8847 even when no firewall filter is configured - it is not known to cause any functional impact. This PR fixes the issue with the lkup type property being set incorrectly, which stops the PE chip from trapping and sending an additional copy to the host path with sample class SAMPLE_CLASS_PFE, and preventing the firewall filter logs from being filled unnecessarily with entries for protocol 8847.
PR Number Synopsis Category: Periodic Packet Management Daemon
1561850 The ppmd memory leak may cause traffic loss
Product-Group=junos
On all platforms, a ppmd memory leak followed by a ppmd crash might occur, which may cause traffic loss, if the dfwd process flaps (the process may have another name on Evolved systems; performing restart firewall can trigger this). This happens because the old memory allocated for dfwd is not freed and new memory is then allocated by ppmd during the flap.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1424284 The traffic loss might start after deleting IRB logical interface
Product-Group=junos
On QFX5000 and EX4600 platforms with multiple IRB logical interfaces configured, after one of the IRB logical interfaces is deleted, packets destined to other IRB logical interfaces where a MAC is not configured will be impacted.
PR Number Synopsis Category: SNMP Infrastructure (snmpd, mib2d)
1536350 Junos OS and Junos OS Evolved: A vulnerability allows a network based unauthenticated attacker which sends a high rate of specific traffic to cause a partial Denial of Service (CVE-2021-0291)
Product-Group=junos
An Exposure of System Data vulnerability in Juniper Networks Junos OS and Junos OS Evolved, where a sensitive system-level resource is not being sufficiently protected, allows a network-based unauthenticated attacker to send specific traffic which partially reaches this resource. A high rate of specific traffic may lead to a partial Denial of Service (DoS) as the CPU utilization of the RE is significantly increased. Refer to https://kb.juniper.net/JSA11193 for more information.
PR Number Synopsis Category: SFW, CGNAT on MS-MIC/MS-MPC (XLP)
1566325 The mspmand crash might be seen on the PIC of MS-MPC/MS-MIC
Product-Group=junos
On MX platforms with MS-MPC/MS-MIC inserted, if EIM is configured under NAT and an on-the-fly NAT configuration change (i.e., removal of a NAT rule or pool) happens, an mspmand crash might be seen. Traffic will be affected.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1542211 Trio-based FPC might crash when the underlying Layer 2 interface for ARP over IRB interface is changed from the physical interface to the LSI interface.
Product-Group=junos
This issue applies to a Trio-based FPC using the integrated routing and bridging (IRB) interface with a VPLS instance using the label-switched interface (LSI) to provide VPLS functionality. The FPC may restart unexpectedly. The restart is triggered when the underlying layer-2 interface for ARP over IRB interface changes from the physical interface to the LSI interface.
1561313 Multicast traffic with incorrect source mac address might be observed from IRB interface
Product-Group=junos
On Trio-based platforms with IGMP snooping enabled in a bridge domain that has an IRB interface associated with it, frequent IGMP (join/leave) churn might cause outgoing multicast traffic in the bridge domains to be sent from IRB interfaces with an incorrect source MAC address. This is due to wrong L2 encapsulation done by the IRB multicast next hops.
 

17.3R3-S12 - List of Known issues
PR Number Synopsis Category: QFX PFE L2
1575976 The DF might not forward BUM traffic on QFX5000 series switches
Product-Group=junos
If AE interfaces in SP style are configured with ESI, then after deleting a couple of IFLs on the AE interface and disabling the member port of the AE interface on the peer, the DF might not forward BUM traffic from the remote VTEP on QFX5000 Series switches.
PR Number Synopsis Category: Control Plane and Infrastructure for the Junos Fusion Enterprise
1188254 Junos Fusion Enterprise: LLDP might stop working if manually deactivated and reactivated
Product-Group=junos
On a Junos Fusion Enterprise, LLDP might stop working if it is reenabled after being manually disabled.
PR Number Synopsis Category: OpenSSH and related subsystems
1454177 The SSH login might fail if a user account exists in both the local database and RADIUS/TACACS+.
Product-Group=junos
SSH login from an automation tool to the Junos OS device might not be successful if the username is configured both as a local user and on a remote RADIUS/TACACS server, and the authentication method 'password' is used.
PR Number Synopsis Category: Integrated Routing & Bridging (IRB) module
1567723 MAC addresses might not be relearned successfully after MAC address age timeout
Product-Group=junos
On all L2NG platforms, there might be fewer MAC address entries in the MAC table than in the ARP table, because some MAC addresses are not relearned successfully after the MAC address age timeout. This issue will cause traffic loss for non-existing MAC entries.
PR Number Synopsis Category: Security platform jweb support
1511853 Junos OS: J-Web allows a locally authenticated attacker to escalate their privileges to root. (CVE-2021-0278)
Product-Group=junos
An Improper Input Validation vulnerability in J-Web of Juniper Networks Junos OS allows a locally authenticated attacker to escalate their privileges to root over the target device. Please refer to https://kb.juniper.net/JSA11182 for more information.
PR Number Synopsis Category: Multiprotocol Label Switching
1575060 The LSP might fail to be established when ISIS-TE or OSPF-TE is enabled
Product-Group=junos
If ISIS-TE or OSPF-TE is enabled, but 'admin-groups-extended-range' or 'admin-groups-extended' (which is configured under routing-options) and 'admin-group-extended' are configured after the peer router advertises the extended admin groups, the LSP with extended admin groups constraints might fail to be established.
PR Number Synopsis Category: MX104 Software - Chassis Daemon
1475396 ChassisD core dump seen on Altius/MX104 when cmerror is triggered
Product-Group=junos
On MX104, the CMERROR infra is not available.
PR Number Synopsis Category: Trio pfe, vpls, mesh group software
1564653 In a scaled setup with AE and with a lot of bridge units, traffic loss can be experienced after AE goes down and up due to MC-LAG switchover in the peer.
Product-Group=junos
In a scaled setup with AE and with a lot of bridge units, traffic loss can be experienced after AE goes down and up due to MC-LAG switchover in the peer. Further improvements will be provided in an upcoming release.
 
Modification History:
First publication 2021-07-21