September 28, 2020

Language:

19-03: ក្រុមហ៊ុន Juniper Network ចេញផ្សាយអំពីការអាប់ដេតសន្តិសុខដើម្បីជួសជុលចំនុចខ្សោយជាច្រើន

១.ព័ត៌មានទូទៅ

ក្រុមហ៊ុន Juniper Networks ដែលត្រូបានគេស្គាល់ថាជាក្រុមហ៊ុនល្បីលប្បាញលក់ឧបករណ៍បណ្តាញមានដូចជា៖ routers, switches, កម្មវិធីគ្រប់គ្រងបណ្តាញ និងសុវត្ថិភាពបណ្តាញ បានបញ្ចេញការអាប់ដេតនៃសន្តិសុខជាច្រើនដើម្បីដោះជួសជុលចំនុចខ្សោយនៅក្នុងផលិតផល Juniper ផ្សេងៗ។ អ្នកវាយប្រហារពីចម្ងាយអាចវាយលុកលើចំនុចខ្សោយទាំងនេះ ដើម្បីគ្រប់គ្រងប្រព័ន្ធដែលរងផលប៉ះពាល់។

២.ផលិតផលរងផលប៉ះពាល់

Status Version ID Title Views Last Updated
Published JSA10913 2019-01 Security Bulletin: Junos OS: RPD crash upon receipt of malformed PIM packet (CVE-2019-0013) 6,359 7 hours ago
Published JSA10912 2019-01 Security Bulletin: Junos OS: rpd crash on VPLS PE upon receipt of specific BGP message (CVE-2019-0012) 5,684 7 hours ago
Published JSA10911 2019-01 Security Bulletin: Junos OS: Kernel crash after processing specific incoming packet to the out of band management interface (CVE-2019-0011) 6,329 7 hours ago
Published JSA10906 2019-01 Security Bulletin: Junos OS: EX, QFX and MX series: Packet Forwarding Engine manager (FXPC) process crashes due to a crafted HTTP packet in a Virtual Chassis configuration (CVE-2019-0006) 10,963 7 hours ago
Published JSA10905 2019-01 Security Bulletin: Junos OS: EX and QFX series: Stateless firewall filter ignores IPv6 extension headers (CVE-2019-0005) 6,853 10 hours ago
Published JSA10900 2019-01 Security Bulletin: Junos OS: MX Series: uncontrolled recursion and crash in Broadband Edge subscriber management daemon (bbe-smgd). (CVE-2019-0001) 10,713 1 day ago
Published JSA10901 2019-01 Security Bulletin: Junos OS: EX2300 and EX3400 series: Certain stateless firewall filter rules might not take effect (CVE-2019-0002) 7,495 1 day ago
Published JSA10902 2019-01 Security Bulletin: Junos OS: A flowspec BGP update with a specific term-order causes routing protocol daemon (rpd) process to crash with a core. (CVE-2019-0003) 8,978 1 day ago
Published JSA10903 2019-01 Security Bulletin: Junos OS: vMX series: Predictable IP ID sequence numbers vulnerability (CVE-2019-0007) 6,436 1 day ago
Published JSA10904 2019-01 Security Bulletin: Junos OS: FreeBSD-SA-15:20.expat : Multiple integer overflows in expat (libbsdxml) XML parser (CVE-2015-1283) 8,067 1 day ago
Published JSA10907 2019-01 Security Bulletin: SRC Series: Multiple vulnerabilities in Juniper Networks Session and Resource Control (SRC) 5,272 1 day ago
Published JSA10909 2019-01 Security Bulletin: Junos OS: EX2300 and EX3400: High disk I/O operations may disrupt the communication between RE and PFE (CVE-2019-0009) 6,091 1 day ago
Published JSA10910 2019-01 Security Bulletin: Junos OS: SRX Series: Crafted HTTP traffic may cause UTM to consume all mbufs, leading to Denial of Service (CVE-2019-0010) 8,589 1 day ago
Published JSA10914 2019-01 Security Bulletin: Junos OS: QFX and PTX Series: FPC process crashes after J-Flow processes a malformed packet (CVE-2019-0014) 3,777 1 day ago
Published JSA10915 2019-01 Security Bulletin: Junos OS: SRX Series: Deleted dynamic VPN users are allowed to establish VPN connections until reboot (CVE-2019-0015) 4,612 1 day ag
Published JSA10916 2019-01 Security Bulletin: Junos OS: Multiple vulnerabilities in libxml2 7,632 1 day ago
Published JSA10917 2019-01 Security Bulletin: Junos Space: Multiple vulnerabilities resolved in 18.3R1 and 18.4R1 releases 5,208 1 day ago
Published JSA10918 2019-01 Security Bulletin: Juniper ATP: Multiple vulnerabilities resolved in 5.0.3 and 5.0.4 6,385 1 day ago
Published JSA10919 2019-01 Security Bulletin: Junos OS: OpenSSL Security Advisories [16 Apr 2018] and [12 June 2018] 5,843 1 day ago

៣.ការណែនាំ

អភិបាលគ្រប់គ្រងទៅលើប្រព័ន្ធ និងអ្នកប្រើប្រាស់ផលិតផល Juniper គួរតែធ្វើការអាប់ដេតទៅកាន់កំណែចុងក្រោយបង្អស់ ដើម្បីការមិនឱ្យមានការវាយលុកទៅលើចំនុចខ្សោយនេះ។

តំណភ្ជាប់ទៅកាន់ទំព័រនៃការអាប់ដេត

៤.ឯកសារពាក់ព័ន្ធ

  • https://www.us-cert.gov/ncas/current-activity/2019/01/09/Juniper-Networks-Releases-Multiple-Security-Updates
  • https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES
***Disclaimer: CamCERT own some of the content. Our purpose is pure to help spread the awareness, tips or other information related to security to everyone. Even though every information is true, accurate, completed and appropriate, we make no responsibility nor warranty since everything could go wrong.