
15.1R7-S10: Software Release Notification for JUNOS Software Version 15.1R7-S10


Article ID: TSB18135
Type: TECHNICAL_BULLETINS
Last Updated: 10 Aug 2021
Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
EX
Alert Description:
Junos Software Service Release version 15.1R7-S10 is now available for download from the Junos software download site.
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as needed and follow the prompts
Risk: Low/Notification - No defined time impact to take action
Risk Description: Software Release Notification
Impact: Low/Notification - Monitor the situation but no action needed
Impact Description: Software Release Notification

Solution:

Junos Software Service Release version 15.1R7-S10 is now available.

15.1R7-S10 - List of Fixed issues
Category: EX kernel issues specific to CPU
PR Number, Synopsis
1600086 Memory leak in the jdhcpd process might be seen in DHCPv6 scenario
Product-Group=junos
On EX2200/EX3200/EX3300/EX4200/EX4500/EX6200/EX8200 platforms, when DHCP relay is configured in DHCPv6 scenario, for every REBIND message received from the client, if REPLY is received from two configured DHCP servers simultaneously, the memory leak in the jdhcpd process might be seen.
Category: Firewall Filter
PR Number, Synopsis
1528403 Junos OS: User-defined ARP Policer isn't applied on Aggregated Ethernet (AE) interface until firewall process is restarted (CVE-2021-0289)
Product-Group=junos
When user-defined ARP Policer is configured and applied on one or more Aggregated Ethernet (AE) interface units, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability between the Device Control Daemon (DCD) and firewall process (dfwd) daemons of Juniper Networks Junos OS allows an attacker to bypass the user-defined ARP Policer. Please refer to https://kb.juniper.net/JSA11191 for more information.
Category: TCP/UDP transport layer
PR Number, Synopsis
1472367 Junos OS: FreeBSD-EN-18:11.listen: TCP during bind, listen or connect and UDP during bind may experience Denial of Service for IPv6 based sockets. (CVE-2018-6925)
Product-Group=junos
In Juniper Networks Junos OS there are various cases in the IPv6 socket code where the protocol control block's state flags are modified during a syscall, but are not restored if the operation fails. Please refer to https://kb.juniper.net/JSA11178 for more information.
1557881 Junos OS: Upon receipt of specific sequences of genuine packets destined to the device the kernel will crash and restart (vmcore) (CVE-2021-0283, CVE-2021-0284)
Product-Group=junos
A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device thereby causing a Denial of Service (DoS). Please refer to https://kb.juniper.net/JSA11200 for more information.
1595649 Junos OS: Upon receipt of specific sequences of genuine packets destined to the device the kernel will crash and restart (vmcore) (CVE-2021-0283, CVE-2021-0284)
Product-Group=junos
A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device thereby causing a Denial of Service (DoS). Please refer to https://kb.juniper.net/JSA11200 for more information.
 

15.1R7-S10 - List of Known issues
Category: Border Gateway Protocol
PR Number, Synopsis
1556207 Junos OS and Junos OS Evolved: Specific packets can trigger rpd crash when BGP Origin Validation is configured with RPKI (CVE-2021-0281)
Product-Group=junos
On Juniper Networks Junos OS and Junos EVO devices configured with BGP origin validation using Resource Public Key Infrastructure (RPKI), receipt of a specific packet from the RPKI cache server may cause the routing process daemon (RPD) to crash and restart, creating a Denial of Service (DoS) condition. Refer to https://kb.juniper.net/JSA11185 for more information.
Category: Security platform jweb support
PR Number, Synopsis
1511853 Junos OS: J-Web allows a locally authenticated attacker to escalate their privileges to root. (CVE-2021-0278)
Product-Group=junos
An Improper Input Validation vulnerability in J-Web of Juniper Networks Junos OS allows a locally authenticated attacker to escalate their privileges to root over the target device. Please refer to https://kb.juniper.net/JSA11182 for more information.
 
Modification History:
First publication 2021-08-10