
12.3R12-S19: Software Release Notification for JUNOS Software Version 12.3R12-S19


Article ID: TSB18151 TECHNICAL_BULLETINS Last Updated: 18 Aug 2021 Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
EX Series
Alert Description:
Junos Software Service Release version 12.3R12-S19 is now available for download from the Junos software download site.
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as needed and follow the prompts
Risk: Low/Notification - No defined time impact to take action
Risk Description: Software Release Notification
Impact: Low/Notification - Monitor the situation but no action needed
Impact Description: Software Release Notification

Solution:

Junos Software Service Release version 12.3R12-S19 is now available.

12.3R12-S19 - List of Fixed issues

Category: TCP/UDP transport layer (PR Number, Synopsis)
1472367 Junos OS: FreeBSD-EN-18:11.listen: TCP during bind, listen or connect and UDP during bind may experience Denial of Service for IPv6 based sockets. (CVE-2018-6925)
Product-Group=junos
In Juniper Networks Junos OS there are various cases in the IPv6 socket code where the protocol control block's state flags are modified during a syscall, but are not restored if the operation fails. Please refer to https://kb.juniper.net/JSA11178 for more information.
1557881 Junos OS: Upon receipt of specific sequences of genuine packets destined to the device the kernel will crash and restart (vmcore) (CVE-2021-0283, CVE-2021-0284)
Product-Group=junos
A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device thereby causing a Denial of Service (DoS). Please refer to https://kb.juniper.net/JSA11200 for more information.
1595649 Junos OS: Upon receipt of specific sequences of genuine packets destined to the device the kernel will crash and restart (vmcore) (CVE-2021-0283, CVE-2021-0284)
Product-Group=junos
A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device thereby causing a Denial of Service (DoS). Please refer to https://kb.juniper.net/JSA11200 for more information.
 

12.3R12-S19 - List of Known issues

Category: Border Gateway Protocol (PR Number, Synopsis)
1556207 Junos OS and Junos OS Evolved: Specific packets can trigger rpd crash when BGP Origin Validation is configured with RPKI (CVE-2021-0281)
Product-Group=junos
On Juniper Networks Junos OS and Junos EVO devices configured with BGP origin validation using Resource Public Key Infrastructure (RPKI), receipt of a specific packet from the RPKI cache server may cause the routing process daemon (RPD) to crash and restart, creating a Denial of Service (DoS) condition. Refer to https://kb.juniper.net/JSA11185 for more information.
Category: Firewall Filter (PR Number, Synopsis)
1528403 Junos OS: User-defined ARP Policer isn't applied on Aggregated Ethernet (AE) interface until firewall process is restarted (CVE-2021-0289)
Product-Group=junos
When user-defined ARP Policer is configured and applied on one or more Aggregated Ethernet (AE) interface units, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability between the Device Control Daemon (DCD) and firewall process (dfwd) daemons of Juniper Networks Junos OS allows an attacker to bypass the user-defined ARP Policer. Please refer to https://kb.juniper.net/JSA11191 for more information.
Category: Security platform jweb support (PR Number, Synopsis)
1511853 Junos OS: J-Web allows a locally authenticated attacker to escalate their privileges to root. (CVE-2021-0278)
Product-Group=junos
An Improper Input Validation vulnerability in J-Web of Juniper Networks Junos OS allows a locally authenticated attacker to escalate their privileges to root over the target device. Please refer to https://kb.juniper.net/JSA11182 for more information.
Category: SNMP Infrastructure (snmpd, mib2d) (PR Number, Synopsis)
1536350 Junos OS and Junos OS Evolved: A vulnerability allows a network based unauthenticated attacker which sends a high rate of specific traffic to cause a partial Denial of Service (CVE-2021-0291)
Product-Group=junos
An Exposure of System Data vulnerability in Juniper Networks Junos OS and Junos OS Evolved, where a sensitive system-level resource is not being sufficiently protected, allows a network-based unauthenticated attacker to send specific traffic which partially reaches this resource. A high rate of specific traffic may lead to a partial Denial of Service (DoS) as the CPU utilization of the RE is significantly increased. Refer to https://kb.juniper.net/JSA11193 for more information.
Category: Junos Automation, Commit/Op/Event and SLAX (PR Number, Synopsis)
1562153 Junos OS: Multiple vulnerabilities in cURL resolved
Product-Group=junos
Multiple vulnerabilities have been resolved in Juniper Networks Junos OS by updating cURL third party software. Please refer to https://kb.juniper.net/JSA11207 for more information.
 
Modification History:
First publication 2021-08-18