Happy Monday, Juniper admins: Get patching

Gin Palace plugs Junos DoS bugs

Juniper Networks pushed out patches for its Junos operating system over the weekend.

The first, rated high severity, is CVE-2017-2302. It's a denial-of-service (DoS) bug in its routing protocol daemon.

“On Junos OS devices where the BGP add-path feature is enabled with 'send' option or with both 'send' and 'receive' options, a network based attacker can cause the Junos OS rpd daemon to crash and restart. Repeated crashes of the rpd daemon can result in an extended denial of service condition,” the advisory says.

Devices that do not have the BGP add-path feature enabled, or which have add-path configured only with the “receive” option, are not affected. Disabling add-path completely, or disabling the “send” option, is a functioning workaround.

Patches are available for all affected versions.
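
An added example, not part of the original article or Juniper's advisory: a Python check that reads `show configuration | display set` output and lists the BGP scopes where `add-path send` is active, the exposure condition the advisory describes. The function name and the sample configuration are constructed for illustration; it goes slightly beyond the text by also honouring `deactivate` statements and routing instances.

```python
import re

# Constructed sample of `show configuration | display set` output (not from a real device).
SAMPLE_CONFIG = """\
set protocols bgp group IBGP type internal
set protocols bgp group IBGP family inet unicast add-path receive
set protocols bgp group IBGP family inet unicast add-path send path-count 4
set protocols bgp group RR-CLIENTS family inet unicast add-path receive
set protocols bgp group EDGE neighbor 192.0.2.1 family inet6 unicast add-path send path-count 2
deactivate protocols bgp group EDGE neighbor 192.0.2.1 family inet6 unicast add-path send
set routing-instances CUST protocols bgp group PE family inet unicast add-path send path-count 2
"""

# Group 1 is the BGP scope (global, group or neighbor, optionally inside a
# routing instance or logical system) that carries an `add-path send` statement.
SEND = re.compile(r"^((?:.+ )?protocols bgp(?: .+)?) add-path send(?: .*)?$")


def add_path_send_scopes(display_set_text):
    """Return the sorted BGP scopes where `add-path send` is configured and active."""
    send_scopes, deactivated = set(), []
    for raw in display_set_text.splitlines():
        line = " ".join(raw.split())  # normalise whitespace
        if line.startswith("deactivate "):
            deactivated.append(line[len("deactivate "):])
        elif line.startswith("set "):
            match = SEND.match(line[len("set "):])
            if match:
                send_scopes.add(match.group(1))

    def is_inactive(scope):
        # A statement is inactive when it, or any parent level, is deactivated.
        path = scope + " add-path send"
        return any(path == d or path.startswith(d + " ") for d in deactivated)

    return sorted(s for s in send_scopes if not is_inactive(s))


if __name__ == "__main__":
    for scope in add_path_send_scopes(SAMPLE_CONFIG):
        print("add-path send active:", scope)
```

The check reports configuration exposure only; whether the installed Junos release carries the fix has to be verified separately.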

The second weekend patch only affects SRX owners and helps them combat a problem whereby crafted multicast packets can cause a DoS.

The problem's tracked as CVE-2017-2300: “The flowd daemon on the primary node of an SRX Series chassis cluster may crash and restart when attempting to synchronize a multicast session created via crafted multicast packets. Upon the flowd crash, data plane redundancy groups will fail over to the secondary node in the chassis cluster while flowd on the primary node restarts.”

The patch is available, and users can block the issue by disallowing transit multicast traffic.

Juniper's also issued rollup patches for a bunch of third-party vulnerabilities for the company's Network and Security Manager (NSM) product. The new code covers OpenSSH, Apache, PostgreSQL, Linux kernel and other fixes. ®
