New updated ScreenOS Signing Key, Boot Loader and ScreenOS images

Alert Description:

Juniper Networks has identified a potential exposure of the digital key used to sign NetScreen devices that run ScreenOS software images. While there is no evidence of a compromise, Juniper has taken proactive steps to revoke the old signing key and move to a new signing key for all NetScreen devices that run ScreenOS software. This measure applies only to NetScreen devices that run ScreenOS software, and does not apply to any other Juniper products.

Solution:
Customers who have installed any upgrades or patches to their ScreenOS products since 1 June 2014 are being advised to install the new signing key, ScreenOS and Boot Loader (when applicable) immediately; this will confirm the authenticity of the upgrades or patches completed since 1 June 2014. All customers will need to install these components to support future upgrades or patches to their ScreenOS products.


Customers are being asked to review the TSB16495 carefully and follow instructions for installing the new signing key, as necessary.