Wait what? JunOS ships php to network devices? Wasn't aware of that. "2017-07 Security Bulletin: Junos OS: Integer signedness error in GD Graphics Library (CVE-2016-3074)"
"WORKAROUND:* Disable well known services such as J-Web, XNM-SSL, that can utilize onboard PHP scripting* Discontinue use of Netconf with PHP* Discontinue use of PyEZ with PHP" https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10798
@galaxis And they're only just a little tiny wee bit over a year late with patching CVE-2016-3074 (published in April 2016).