SUPPORT / SAMPLES & SAS NOTES
Problem Note 54073: OpenSSL security vulnerabilities (6 Aug 2014) exist in SAS/SECURE™ software
 |  |  |  |  |
For SAS® 9.3, SAS® 9.4 TS1M0, and SAS 9.4 TS1M1 in UNIX and z/OS operating environments, SAS/SECURE software includes OpenSSL 0.9.8, which contains security vulnerabilities. For SAS 9.4 TS1M2 under UNIX and z/OS, SAS/SECURE software includes OpenSSL 1.0.1h, which contains the same vulnerabilities. These vulnerabilities are described in the OpenSSL Security Advisory (06 Aug 2014).
Click the Hot Fix tab in this note to access the hot fix for this issue.
The hot fixes for SAS 9.3, SAS 9.4 TS1M0, and SAS 9.4 TS1M1 upgrade OpenSSL to version 0.9.8zb. The hot fix for SAS 9.4 TS1M2 upgrades OpenSSL to version 1.0.1i.
Operating System and Release Information
| Product Family | Product | System | Product Release | SAS Release | ||
| Reported | Fixed* | Reported | Fixed* | |||
| SAS System | SAS/SECURE | z/OS | 9.4 | 9.4 | 9.4 TS1M0 | 9.4 TS1M3 |
| Z64 | 9.4 | 9.4 | 9.4 TS1M0 | 9.4 TS1M3 | ||
| 64-bit Enabled AIX | 9.4 | 9.4 | 9.4 TS1M0 | 9.4 TS1M3 | ||
| 64-bit Enabled Solaris | 9.4 | 9.4 | 9.4 TS1M0 | 9.4 TS1M3 | ||
| HP-UX IPF | 9.4 | 9.4 | 9.4 TS1M0 | 9.4 TS1M3 | ||
| Linux for x64 | 9.4 | 9.4 | 9.4 TS1M0 | 9.4 TS1M3 | ||
| Solaris for x64 | 9.4 | 9.4 | 9.4 TS1M0 | 9.4 TS1M3 | ||
| SAS System | SAS/SECURE 168-bit | z/OS | 9.3 | 9.3 TS1M2 | ||
| Z64 | 9.3 | 9.3 TS1M2 | ||||
| 64-bit Enabled AIX | 9.3 | 9.3 TS1M2 | ||||
| 64-bit Enabled HP-UX | 9.3 | 9.3 TS1M2 | ||||
| 64-bit Enabled Solaris | 9.3 | 9.3 TS1M2 | ||||
| HP-UX IPF | 9.3 | 9.3 TS1M2 | ||||
| Linux | 9.3 | 9.3 TS1M2 | ||||
| Linux for x64 | 9.3 | 9.3 TS1M2 | ||||
| Solaris for x64 | 9.3 | 9.3 TS1M2 | ||||