Juniper Releases Fixes for Serious Flaws in Contrail Networking and Junos OS

Juniper Networks has fixed a number of security flaws affecting several of its products, some of which could be used to take over vulnerable systems.

The most serious problems impact Junos Space and Contrail Networking, and the company advises users to update to versions 22.1R1 and 21.4.0, respectively.

The most significant of these is a group of 31 flaws in the Junos Space network management software, including CVE-2021-23017 (CVSS score: 9.4), which could lead to arbitrary code execution or a crash of susceptible devices.

According to the company, “a security flaw in nginx resolver was detected,” which might allow an attacker to corrupt one byte of memory and crash a worker process by forging UDP packets from the DNS server.

Versions 5.1.0 Service Pack 6 and 6.2.2 of NorthStar Controller both address the same security flaw.

The networking equipment maker also advised users that CentOS 6.8, which ships with Junos Space Policy Enforcer prior to version 22.1R1, has a number of known issues. As a mitigation, the Policy Enforcer component now ships on CentOS 7.9.

Also addressed are 166 security flaws that affect all versions of its Contrail Networking software before 21.4.0 and have been given a combined CVSS score of 10.0.

A Juniper Networks Contrail Networking advisory states that “multiple vulnerabilities in third party software used in Contrail Networking have been resolved” in release 21.4.0, in which the Open Container Initiative (OCI)-compliant Red Hat Universal Base Image (UBI) container image has been upgraded from Red Hat Enterprise Linux 7 to Red Hat Enterprise Linux 8.



