Juniper Networks patches dozens of vulnerabilities

Juniper Networks issued 11 security alerts, two critical, five
high and four medium, for a large number of vulnerabilities across a several
product lines.

The critical issues cover Steel Belted Radius Carrier Edition
and Junos Space. The former product contains 21 CVEs and affects Steel Belted
Radius Carrier Edition 8.4R14 on RHEL6 (32-bit), RHEL6 (64-bit), RHEL7, Sparc
Solaris (32-bit), Sparc Solaris (64-bit) and 8.5R5 on RHEL6 (64-bit), RHEL7,
Sparc Solaris (64-bit) and all subsequent releases, Juniper
said. Patches and updates correcting the issues are available and
there is no evidence of these issues being exploited.

Junos Space 19.2R1 and all subsequent releases are covered
by 15 CVEs all of which have been mitigated with patches available here. The company
also recommends that to reduce the risk of exploitation of these issues, use
access lists or firewall filters to limit access to Junos Space to only trusted
administrative networks, hosts and users.

The five high-rated alerts are for Juniper Secure Analytics,
Junos OS, Junos OS with J-Web
enabled and SRX Series platforms running Junos OS. Some of the problems that
can arise if the associated vulnerabilities are exploited include a denial of
service situation, stack-base overflow, causing the local routing protocol
daemon process to crash and restart and processor crash.

Links to the updates and patches for the high and medium
patches can be found here.