54374 - Secure Sockets Layer (SSL) capability in SAS® Foundation products is susceptible to the POODLE security vulnerability

Problem Note 54374: Secure Sockets Layer (SSL) capability in SAS® Foundation products is susceptible to the POODLE security vulnerability

The Secure Sockets Layer (SSL) capability in SAS Foundation products supports SSL 3.0. As a result, it is susceptible to the POODLE vulnerability that is described in the following documents:

The SSL capability can be used in SAS Foundation products in a variety of ways, for example:

a SAS/CONNECT^® spawner configured for SSL or its successor, Transport Layer Security (TLS)
a SAS/SHARE^® server configured for SSL or TLS
a LIBNAME URL or a LIBNAME WebDAV statement that specifies an HTTPS URL
an HTTP procedure or SOAP procedure step that specifies an HTTPS URL
a SAS^® Metadata Server that is configured for direct use of Lightweight Directory Access Protocol (LDAP) authentication using SSL or TLS

Please contact SAS Technical Support to obtain the hot fix for this issue.

Operating System and Release Information

Product Family	Product	System	Product Release		SAS Release
Product Family	Product	System	Reported	Fixed*	Reported	Fixed*
SAS System	Base SAS	OpenVMS on HP Integrity	9.21	9.4_M3	9.2 TS2M0	9.4 TS1M3
		Linux for x64	9.21	9.4_M3	9.2 TS2M0	9.4 TS1M3
		Linux	9.21	9.4_M3	9.2 TS2M0	9.4 TS1M3
		HP-UX IPF	9.21	9.4_M3	9.2 TS2M0	9.4 TS1M3
		64-bit Enabled Solaris	9.21	9.4_M3	9.2 TS2M0	9.4 TS1M3
		64-bit Enabled HP-UX	9.21	9.4_M3	9.2 TS2M0	9.4 TS1M3
		64-bit Enabled AIX	9.21	9.4_M3	9.2 TS2M0	9.4 TS1M3
		Windows Vista for x64	9.21		9.2 TS2M0
		Windows Vista	9.21		9.2 TS2M0
		Microsoft Windows XP Professional	9.21		9.2 TS2M0
		Microsoft Windows Server 2008 for x64	9.21	9.4_M3	9.2 TS2M0	9.4 TS1M3
		Microsoft Windows Server 2008 R2	9.21	9.4_M3	9.2 TS2M0	9.4 TS1M3
		Microsoft Windows Server 2003 for x64	9.21		9.2 TS2M0
		Microsoft Windows Server 2003 Standard Edition	9.21		9.2 TS2M0
		Microsoft Windows Server 2003 Enterprise Edition	9.21		9.2 TS2M0
		Microsoft Windows Server 2003 Datacenter Edition	9.21		9.2 TS2M0
		Microsoft® Windows® for x64	9.21	9.4_M3	9.2 TS2M0	9.4 TS1M3
		Microsoft Windows XP 64-bit Edition	9.21		9.2 TS2M0
		Microsoft Windows Server 2003 Enterprise 64-bit Edition	9.21		9.2 TS2M0
		Microsoft Windows Server 2003 Datacenter 64-bit Edition	9.21		9.2 TS2M0
		Microsoft® Windows® for 64-Bit Itanium-based Systems	9.21		9.2 TS2M0
		z/OS	9.21	9.4_M3	9.2 TS2M0	9.4 TS1M3
		Solaris for x64	9.21	9.4_M3	9.2 TS2M0	9.4 TS1M3
SAS System	SAS/CONNECT	z/OS	9.21	9.4_M3	9.2 TS2M0	9.4 TS1M3
		Microsoft® Windows® for 64-Bit Itanium-based Systems	9.21		9.2 TS2M0
		Microsoft Windows Server 2003 Datacenter 64-bit Edition	9.21		9.2 TS2M0
		Microsoft Windows Server 2003 Enterprise 64-bit Edition	9.21		9.2 TS2M0
		Microsoft Windows XP 64-bit Edition	9.21		9.2 TS2M0
		Microsoft® Windows® for x64	9.21	9.4_M3	9.2 TS2M0	9.4 TS1M3
		Microsoft Windows Server 2003 Datacenter Edition	9.21		9.2 TS2M0
		Microsoft Windows Server 2003 Enterprise Edition	9.21		9.2 TS2M0
		Microsoft Windows Server 2003 Standard Edition	9.21		9.2 TS2M0
		Microsoft Windows Server 2003 for x64	9.21		9.2 TS2M0
		Microsoft Windows Server 2008 R2	9.21	9.4_M3	9.2 TS2M0	9.4 TS1M3
		Microsoft Windows Server 2008 for x64	9.21	9.4_M3	9.2 TS2M0	9.4 TS1M3
		Microsoft Windows XP Professional	9.21		9.2 TS2M0
		Windows Vista	9.21		9.2 TS2M0
		Windows Vista for x64	9.21		9.2 TS2M0
		64-bit Enabled AIX	9.21	9.4_M3	9.2 TS2M0	9.4 TS1M3
		64-bit Enabled HP-UX	9.21	9.4_M3	9.2 TS2M0	9.4 TS1M3
		64-bit Enabled Solaris	9.21	9.4_M3	9.2 TS2M0	9.4 TS1M3
		HP-UX IPF	9.21	9.4_M3	9.2 TS2M0	9.4 TS1M3
		Linux	9.21	9.4_M3	9.2 TS2M0	9.4 TS1M3
		Linux for x64	9.21	9.4_M3	9.2 TS2M0	9.4 TS1M3
		OpenVMS on HP Integrity	9.21	9.4_M3	9.2 TS2M0	9.4 TS1M3
		Solaris for x64	9.21	9.4_M3	9.2 TS2M0	9.4 TS1M3
SAS System	SAS/SHARE	z/OS	9.21	9.4_M2	9.2 TS2M0	9.4 TS1M3
		Microsoft® Windows® for 64-Bit Itanium-based Systems	9.21		9.2 TS2M0
		Microsoft Windows Server 2003 Datacenter 64-bit Edition	9.21		9.2 TS2M0
		Microsoft Windows Server 2003 Enterprise 64-bit Edition	9.21		9.2 TS2M0
		Microsoft Windows XP 64-bit Edition	9.21		9.2 TS2M0
		Microsoft® Windows® for x64	9.21	9.4_M2	9.2 TS2M0	9.4 TS1M3
		Microsoft Windows Server 2003 Datacenter Edition	9.21		9.2 TS2M0
		Microsoft Windows Server 2003 Enterprise Edition	9.21		9.2 TS2M0
		Microsoft Windows Server 2003 Standard Edition	9.21		9.2 TS2M0
		Microsoft Windows Server 2003 for x64	9.21		9.2 TS2M0
		Microsoft Windows Server 2008 R2	9.21	9.4_M2	9.2 TS2M0	9.4 TS1M3
		Microsoft Windows Server 2008 for x64	9.21	9.4_M2	9.2 TS2M0	9.4 TS1M3
		Microsoft Windows XP Professional	9.21		9.2 TS2M0
		Windows Vista	9.21		9.2 TS2M0
		Windows Vista for x64	9.21		9.2 TS2M0
		64-bit Enabled AIX	9.21	9.4_M2	9.2 TS2M0	9.4 TS1M3
		64-bit Enabled HP-UX	9.21	9.4_M2	9.2 TS2M0	9.4 TS1M3
		64-bit Enabled Solaris	9.21	9.4_M2	9.2 TS2M0	9.4 TS1M3
		HP-UX IPF	9.21	9.4_M2	9.2 TS2M0	9.4 TS1M3
		Linux	9.21	9.4_M2	9.2 TS2M0	9.4 TS1M3
		Linux for x64	9.21	9.4_M2	9.2 TS2M0	9.4 TS1M3
		OpenVMS on HP Integrity	9.21	9.4_M2	9.2 TS2M0	9.4 TS1M3
		Solaris for x64	9.21	9.4_M2	9.2 TS2M0	9.4 TS1M3

* For software releases that are not yet generally available, the Fixed Release is the software release in which the problem is planned to be fixed.

Type:	Problem Note
Priority:	alert

Date Modified:	2015-01-06 19:16:53
Date Created:	2014-10-18 13:37:13