Juniper makes a meal of Spectre/Meltdown

Roundup Juniper Networks has issued its semi-regular bug-dump, with sixteen advisories arriving late last week. There's a Spectre/Meltdown patch in there, but you need to go looking: it's in the Junos Space management platform, along with various other items.

Junos Space also received one fix for BIND, and a merry collection of 17 Java SE bugs from 2017 and 2018.

Contrail Service Orchestration scored six patches across various releases here – don't skip over them, because one is a hardcoded credentials fix.

If you're running an SRX device running Junos OS 12.1X46, 12.3X48, 15.1X49, 17.3, 17.4, 18.1, 18.2, and operating as a DNS proxy, there are four BIND bugs to patch in this advisory.

By the look of this advisory, a check of which cURL versions were in use in Junos OS was well overdue. The oldest vulnerability reported in the list dates back to 2000 – CVE-2000-0973, the first ever reported for the URL download scripting tool.

The Gin Palace's hard work includes another twelve point fixes listed here.

While we're in a BIND

The Internet Systems Consortium announced a bug-fix for BIND, and the good news is most sysadmins probably don't need to rush things.

The issue only affects a handful of versions in the BIND 9 release series, and only if your system is likely to accept zone data via zone transfer from untrusted sources. In that case, an extremely large zone transfer can crash the process or corrupt the journal files.

ETSI pushes mission-critical push-to-talk, but does it matter?

ETSI was pleased with itself earlier this month, announcing a successful “plugtest” for Mission Critical Push to Talk (MCPTT), Mission Critical Data (MCDATA) and Mission Critical Video (MCVIDEO).

Thirty-one vendors took part in the interoperability test, and ETSI's announcement says the test yielded a “92 per cent success rate” from 100 test cases and more than 2,000 individual tests.

And yes, actually it does matter: while push-to-talk on mobiles failed to launch for consumers, it's the dominant model for emergency services users.

These tests are to evaluate public safety LTE applications, to demonstrate push-to-talk interoperability outside Europe, and provided the first evaluation tests for mission-critical data and video (MCDATA and MCVIDEO).

Nokia to ship €1 billion of kit to China Mobile

Nokia has landed a billion-dollar network refresh for China Mobile. The first chunk of the contract is a “one year frame agreement” covering radio access, core networks, fixed access, IP routing, optical transport, customer experience management, and services.

Netskope peckish, swallows Sift Security

Netskope decided it needed a security business with a dash of machine learning, analytics, and graph visualisation, so it's acquired Sift Security.

Sift's Cloud Hunter security platform will be integrated into Netskope's Security Cloud, providing data loss protection, threat protection, configuration, and posture management.

Terms of the deal weren't announced, but Sift's CEO Neil King comes along with the company, and will head up product strategy and management for Netskope for IaaS.

SD-WAN for x86 or ARM boxen

SDN/NFV vendor Telco Systems has teamed up with Fat Pipe Networks to create a universal CPE (uCPE) box with realtime SD-WAN and virtualised network function (VNF) services.

The pitch to carriers is about manageability and upgradeability: instead of worrying about whether a customer can configure a firewall, a service provider can run firewall functions in the cloud, on behalf of the uCPE.

It's based on Telco Systems' NFVTime CPE device and FatPipe's SD-WAN offering, and the announcement says carriers can “expand service offerings to include additional VNF services using any Intel or ARM hardware.”

Telcos Systems' NFVTime includes an operating system, uCPE management and orchestration (MANO), and a bunch of centrally-managed VNFs.

Under the partnership, Fat Pipe's SD-WAN comes as a VNF under Telco Systems' NFVi-OS operating system, letting telcos deploy additional VNF service chains including virtual routers, firewalls, probes and security services without having to touch the customer CPE. ®