Juniper Networks battles swarm of bugs


Catches up with huge number of third-party vulnerabilities.

Juniper Networks has gone public with a number of vulnerabilities serious enough to attract the attention of America’s Cybersecurity and Infrastructure Security Agency.

Of the 30 vulnerabilities disclosed this week, four are rated as critical and eight are rated as high severity.

The critical vulnerabilities affect the company’s Junos Space, Contrail Networking, and Northstar Controller products.

The critical Junos Space bulletin covers multiple vulnerabilities in third-party products shipped with Junos Space versions prior to 22.1R1.

Affected third-party products include the nginx resolver, Oracle Java SE, OpenSSH, Samba, the RPM package manager, Kerberos, OpenSSL, the Linux kernel, curl, and MySQL Server.

Juniper Networks Contrail Networking needs to be upgraded to release 21.4.0, which updates the Red Hat Universal Base Image (UBI) container image from Red Hat Enterprise Linux 7 to Red Hat Enterprise Linux 8, taking care of 23 vulnerabilities stretching back to 2013.

In another fix for third-party components, the Junos Space Security Director Policy Enforcer has been upgraded to use CentOS 7.9, in version 22.1R1.

CVE-2021-23017 is a remote code execution bug in the nginx load balancer that Juniper ships with its Northstar Controller.

“An Off-by-one Error vulnerability in the nginx resolver … allows an unauthenticated remote attacker who is able to forge UDP packets from the DNS server to cause a 1-byte memory overwrite, resulting in worker process crash or potentially, arbitrary code execution,” the advisory states.

This vulnerability is patched in version 1.20.1 of the Northstar Controller.

A number of high severity bugs are also disclosed in Junos OS. The full list of vulnerabilities can be found here.

Copyright © iTnews.com.au . All rights reserved.