19.2R1-S7: Software Release Notification for JUNOS Software Version 19.2R1-S7

Article ID: TSB18153 TECHNICAL_BULLETINS Last Updated: 20 Aug 2021 Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, vMX, vSRX
Alert Description:
Junos Software Service Release version 19.2R1-S7 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as needed and follow the prompts
Risk: Low/Notification - No defined time impact to take action
Risk Description: Software Release Notification
Impact: Low/Notification - Monitor the situation but no action needed
Impact Description: Software Release Notification

Solution:

Junos Software Service Release version 19.2R1-S7 is now available.

19.2R1-S7 - List of Fixed issues

PR Number Synopsis Category: access node control protocol daemon
1544746 Junos OS: ANCPD core when hitting maximum-discovery-table-entries limit (CVE-2021-0224)
Product-Group=junos
A vulnerability in the handling of internal resources necessary to bring up a large number of Layer 2 broadband remote access subscriber (BRAS) nodes in Juniper Networks Junos OS can cause the Access Node Control Protocol daemon (ANCPD) to crash and restart, leading to a Denial of Service (DoS) condition. Refer to https://kb.juniper.net/JSA11119 for more information.
PR Number Synopsis Category: Border Gateway Protocol
1556207 Junos OS and Junos OS Evolved: Specific packets can trigger rpd crash when BGP Origin Validation is configured with RPKI (CVE-2021-0281)
Product-Group=junos
On Juniper Networks Junos OS and Junos EVO devices configured with BGP origin validation using Resource Public Key Infrastructure (RPKI), receipt of a specific packet from the RPKI cache server may cause the routing process daemon (RPD) to crash and restart, creating a Denial of Service (DoS) condition. Refer to https://kb.juniper.net/JSA11185 for more information.
PR Number Synopsis Category: Captive Portal, Content Delivery Daemon, and Service Plugin
1445812 Junos OS: MX Series with MS-PIC, MS-SPC3, MS-MIC or MS-MPC: The BRAS Subscriber Services service activation portal is vulnerable to a Denial of Service (DoS) via malformed HTTP packets (CVE-2021-0251)
Product-Group=junos
A NULL Pointer Dereference vulnerability in the Captive Portal Content Delivery (CPCD) services daemon (cpcd) of Juniper Networks Junos OS on MX Series with MS-PIC, MS-SPC3, MS-MIC or MS-MPC allows an attacker to send malformed HTTP packets to the device thereby causing a Denial of Service (DoS), crashing the Multiservices PIC Management Daemon (mspmand) process thereby denying users the ability to log in, while concurrently impacting other mspmand services and traffic through the device. Please refer to https://kb.juniper.net/JSA11144 for more information.
PR Number Synopsis Category: dhcpd daemon
1494720 The DHCP client interfaces may not get an IP address again after network changes
Product-Group=junos
The DHCP client interfaces may not get a new or the same IP address from the DHCP server after network changes (e.g., the DHCP server does not have the record for some reason, but the device still has it). The issue applies both when the 'force-discover' option is not configured and when the 'force-discover' option is configured on the releases (15.1X49-D170, 17.4R3, 18.2R3, 18.3R2, 18.4R2, 19.1R1, 19.2R1 and onwards).
PR Number Synopsis Category: Covers Application classification workflows apart from custo
1563280 The AppID DB not erased after 'request system zeroize'
Product-Group=junos
On all SRX platforms, the AppID DB is not erased after 'request system zeroize'. This does not impact any traffic, but it might confuse customers.
PR Number Synopsis Category: EA chip ( MQSS SW issues )
1556576 Junos OS: FPC may crash upon receipt of specific MPLS packet affecting Trio-based MPCs (CVE-2021-0288)
Product-Group=junos
If specific malformed MPLS packets are received, forwarding will stop on that Packet Forwarding Engine (PFE) and an MPC crash may result. Refer to https://kb.juniper.net/JSA11190 for more information.
PR Number Synopsis Category: EX4400 platform
1573889 EX4400: Mgmt LEDs are not working as per expectations
Product-Group=junos
Below is the status of the management LED when speed is set to:
  1. 10m - Activity LED does not blink when ping/traffic is running (it remains steady GREEN instead)
  2. 100m - Activity LED blinks without any ping/traffic
PR Number Synopsis Category: Express PFE L2 fwding Features
1486614 Junos OS: QFX10002-32Q, QFX10002-60C, QFX10002-72Q, QFX10008, QFX10016: In EVPN-VXLAN scenarios receipt of specific genuine packets by an adjacent attacker will cause a kernel memory leak in FPC. (CVE-2021-0272)
Product-Group=junos
A kernel memory leak in the Flexible PIC Concentrators (FPCs) of QFX10002-32Q, QFX10002-60C, QFX10002-72Q, QFX10008, QFX10016 devices on Juniper Networks Junos OS allows an attacker to send genuine packets destined to the device to cause a Denial of Service (DoS) to the device. Please refer to https://kb.juniper.net/JSA11163 for more information.
PR Number Synopsis Category: Express PFE L3 Multicast
1539194 Junos OS: QFX10K Series: Denial of Service (DoS) upon receipt of DVMRP packets received on multi-homing ESI in VXLAN. (CVE-2021-0295)
Product-Group=junos
A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) of Juniper Networks Junos OS on the QFX10K Series switches allows an attacker to trigger a packet forwarding loop, leading to a partial Denial of Service (DoS). The issue is caused by DVMRP packets looping on a multi-homed Ethernet Segment Identifier (ESI) when VXLAN is configured. DVMRP packets received on a multi-homed ESI are sent to the peer, and then incorrectly forwarded out the same ESI, violating the split horizon rule. Refer to https://kb.juniper.net/JSA11208 for more information.
PR Number Synopsis Category: jdhcpd daemon
1564434 Junos OS: Receipt of malformed DHCPv6 packets causes jdhcpd to crash and restart. (CVE-2021-0240)
Product-Group=junos
On Juniper Networks Junos OS platforms configured as DHCPv6 local server or DHCPv6 Relay Agent, the Juniper Networks Dynamic Host Configuration Protocol Daemon (JDHCPD) process might crash if a malformed DHCPv6 packet is received, resulting in a restart of the daemon. The daemon automatically restarts without intervention, but continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Please refer to https://kb.juniper.net/JSA11168 for more information.
PR Number Synopsis Category: Juniper Device Manager User Interface includes cli, mgmt
1452431 Junos OS: NFX Series: Local Command Execution Vulnerability in JDMD Leads to Privilege Escalation (CVE-2021-0253)
Product-Group=junosvae
NFX Series devices using Juniper Networks Junos OS are susceptible to a local command execution vulnerability thereby allowing an attacker to elevate their privileges via the Junos Device Management Daemon (JDMD) process. Refer to https://kb.juniper.net/JSA11146 for more information.
PR Number Synopsis Category: all logging related bugs on srx platforms
1403727 Throughput or latency performance of all traffic drops when TCP traffic is passing through the device.
Product-Group=junos
On vSRX, SRX1500, SRX4100, SRX4200 and SRX4600 platforms, when TCP traffic is passing through the device for a certain period, throughput performance of all traffic drops about two thirds and latency of all traffic increases up to around 20 ms.
PR Number Synopsis Category: Security platform jweb support
1511853 Junos OS: J-Web allows a locally authenticated attacker to escalate their privileges to root. (CVE-2021-0278)
Product-Group=junos
An Improper Input Validation vulnerability in J-Web of Juniper Networks Junos OS allows a locally authenticated attacker to escalate their privileges to root over the target device. Please refer to https://kb.juniper.net/JSA11182 for more information.
PR Number Synopsis Category: lldp sw on MX platform
1569312 Junos OS and Junos OS Evolved: LLDP Out-of-Bounds Read vulnerability in l2cpd (CVE-2021-0277)
Product-Group=junos
An Out-of-bounds Read vulnerability in the processing of specially crafted LLDP frames by the Layer 2 Control Protocol Daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved may allow an attacker to cause a Denial of Service (DoS), or may lead to remote code execution (RCE). Please refer to https://kb.juniper.net/JSA11181 for more information.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1549754 While loading the kernel displays the following error message: GEOM: mmcsd0s.enh: corrupt or invalid GPT detected.
Product-Group=junos
While loading the kernel, user sees the message "GEOM: mmcsd0s.enh: corrupt or invalid GPT detected." This message has no impact on functionality.
1551193 VM might crash if file is shared between host operating system and guest operating system using virtFS
Product-Group=junos
On Virtual Machine (VM) based platforms running Junos images, a file might not be shared between the host operating system and the guest operating system via Virtual Filesystem (virtFS). When this issue happens, the device might be restarted.
1552952 The vme/me0 management interface cannot process any incoming packets.
Product-Group=junos
On EX2300/EX2300-MP/EX3400 platforms, when me0 interface is deleted and vme interface is configured, the device cannot process any incoming packet on vme/me0 management interface.
1555748 A device trying to reboot from OAM may get stuck at the OK prompt, leading to a reboot from Junos
Product-Group=junos
There was a known issue when upgrading or downgrading at certain versions (18.3R1.9 is one of them): one instruction file under OAM would have been cleaned up, and once the device is rolled back to an older version (e.g., "request system reboot oam") and back and forth, for experimental or testing purposes, it will hit this condition. The issue is not consistently reproducible. When this condition is seen on a router (it boots into OAM and the instruction file is missing), try to load a later release. Please also refer to the TSBs below; it is recommended to take a recovery snapshot on the latest Junos every time after a Junos upgrade/downgrade: https://kb.juniper.net/InfoCenter/index?page=content&id=TSB17954&actp=METADATA https://kb.juniper.net/InfoCenter/index?page=content&id=TSB18028&actp=METADATA
1563647 Memory corruption of any binary in /usr/bin/ or /usr/sbin/ may be triggered when a recovery snapshot is being copied to the OAM volume or system while it's in heavily stressed condition.
Product-Group=junos
Memory corruption of a binary from the /usr/bin/ or /usr/sbin/ directory can occur if such a binary is invoked while a recovery snapshot creation is in progress. The exact symptoms differ depending on the exact binary and Junos version: some programs will show an error, and some programs will crash every time they are executed. Such memory corruption will persist until the affected Routing Engine is restarted. Please refer to TSB17954 (https://kb.juniper.net/TSB17954) for further details. In addition to a recovery snapshot, a device reboot could also be a possible trigger when the system is under heavier read operations across the mounted packages.
1572963 The upgrade might fail when upgrading from Junos with FreeBSD 6
Product-Group=junos
On all platforms (for SRX, only SRX5k with RE-1800x4), while directly upgrading from Junos with FreeBSD 6 (e.g. 15.1X49 or before) to the affected releases, the system will check the USB connection. The upgrade will fail if no USB device is detected during the upgrade process.
1579331 EX4400: Under some conditions, the FPGA reset reason may be incorrectly shown in console logs as 0.
Product-Group=junos
EX4400: Under some special conditions, such as boot from the OAM volume following a graceful/warm reboot, the FPGA reset reason is incorrectly shown in console logs as 0.
PR Number Synopsis Category: TCP/UDP transport layer
1472367 Junos OS: FreeBSD-EN-18:11.listen: TCP during bind, listen or connect and UDP during bind may experience Denial of Service for IPv6 based sockets. (CVE-2018-6925)
Product-Group=junos
In Juniper Networks Junos OS there are various cases in the IPv6 socket code where the protocol control block's state flags are modified during a syscall, but are not restored if the operation fails. Please refer to https://kb.juniper.net/JSA11178 for more information.
1557881 Junos OS: Upon receipt of specific sequences of genuine packets destined to the device the kernel will crash and restart (vmcore) (CVE-2021-0283, CVE-2021-0284)
Product-Group=junos
A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device thereby causing a Denial of Service (DoS). Please refer to https://kb.juniper.net/JSA11200 for more information.
1595649 Junos OS: Upon receipt of specific sequences of genuine packets destined to the device the kernel will crash and restart (vmcore) (CVE-2021-0283, CVE-2021-0284)
Product-Group=junos
A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device thereby causing a Denial of Service (DoS). Please refer to https://kb.juniper.net/JSA11200 for more information.
PR Number Synopsis Category: Paradise pfe ddos protection feature
1564807 Junos OS: Upon receipt of specific packets BFD sessions might flap due to DDoS policer implementation in Packet Forwarding Engine (CVE-2021-0280)
Product-Group=junos
On PTX platforms and QFX10K Series with Paradise (PE) chipset-based line cards, DDoS protection configuration changes made from the CLI will not take effect as expected beyond the default DDoS (Distributed Denial of Service) settings in the Packet Forwarding Engine (PFE). This may cause BFD sessions to flap when a high rate of specific packets are received. Refer to https://kb.juniper.net/JSA11184 for more information.
PR Number Synopsis Category: QFX L2 PFE
1580352 DHCP packets might be dropped if dynamic filter 'dyn-dhcpv4_v6_trap' is applied on the interface
Product-Group=junos
DHCP packets might be dropped when dynamic filter 'dyn-dhcpv4_v6_trap' is applied and software-based learning CLI is enabled on the interface.
PR Number Synopsis Category: SNMP Infrastructure (snmpd, mib2d)
1536350 Junos OS and Junos OS Evolved: A vulnerability allows a network based unauthenticated attacker which sends a high rate of specific traffic to cause a partial Denial of Service (CVE-2021-0291)
Product-Group=junos
An Exposure of System Data vulnerability in Juniper Networks Junos OS and Junos OS Evolved, where a sensitive system-level resource is not being sufficiently protected, allows a network-based unauthenticated attacker to send specific traffic which partially reaches this resource. A high rate of specific traffic may lead to a partial Denial of Service (DoS) as the CPU utilization of the RE is significantly increased. Refer to https://kb.juniper.net/JSA11193 for more information.
PR Number Synopsis Category: SRX branch platforms
1451860 The rpd process might stop and restart and an rpd core file is generated when committing the configuration.
Product-Group=junos
On SRX300/320/340/345 Series platforms, when the protocol (BGP/ISIS/OSPF) authentication-Key, Master system-password, and TPM password are configured, the rpd process might crash while committing the configuration on the device.
PR Number Synopsis Category: Junos Automation, Commit/Op/Event and SLAX
1562153 Junos OS: Multiple vulnerabilities in cURL resolved
Product-Group=junos
Multiple vulnerabilities have been resolved in Juniper Networks Junos OS by updating cURL third party software. Please refer to https://kb.juniper.net/JSA11207 for more information.
 

19.2R1-S7 - List of Known issues

PR Number Synopsis Category: Firewall Filter
1528403 Junos OS: User-defined ARP Policer isn't applied on Aggregated Ethernet (AE) interface until firewall process is restarted (CVE-2021-0289)
Product-Group=junos
When user-defined ARP Policer is configured and applied on one or more Aggregated Ethernet (AE) interface units, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability between the Device Control Daemon (DCD) and firewall process (dfwd) daemons of Juniper Networks Junos OS allows an attacker to bypass the user-defined ARP Policer. Please refer to https://kb.juniper.net/JSA11191 for more information.
PR Number Synopsis Category: Security platform jweb support
1501588 Junos OS: J-Web can be compromised through reflected client-side HTTP parameter pollution attacks. (CVE-2021-0269)
Product-Group=junos
The improper handling of client-side parameters in J-Web of Juniper Networks Junos OS allows an attacker to perform a number of different malicious actions against a target device when a user is authenticated to J-Web. Refer to https://kb.juniper.net/JSA11160 for more information.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1505864 The installation fails when upgrading from legacy Junos OS to specific BSDx-based Junos OS.
Product-Group=junos
The installation might fail when upgrading from legacy Junos (before Junos 15.1) to higher BSDx based Junos releases (Junos 15.1 and after).
PR Number Synopsis Category: QFX EVPN / VxLAN
1554389 Wrong ARP reply might be sent via AE interface on QFX5000 series platforms
Product-Group=junos
Wrong Address Resolution Protocol (ARP) reply might be sent by QFX5000 series platforms when the ARP request packet is received via an Aggregated Ethernet (AE) interface. This issue affects QFX5000 series platforms running Junos image only. Please refer to workaround to avoid this issue.
1594981 The label field for the EVPN Type 1 route is set to 1
Product-Group=junos
In the EVPN/VXLAN scenario, the label field for the Type-1 route is not required, but it is assigned 1 instead of 0, which conflicts with RFC 7432.
PR Number Synopsis Category: SW PRs for SCBE3 related kernel drivers
1564539 MX platforms with MX-SCBE3 may reboot continuously
Product-Group=junos
A recent change in the kernel boot loader causes a system with MX-SCBE3 to experience corruption of the Routing Engine's kernel memory, which causes the system to reboot continuously.
 