Problem Note 55767: OpenSSL security vulnerabilities (19 Mar 2015) exist in the Secure Sockets Layer (SSL) capability in SASĀ® Foundation products
For SAS® 9.3, SAS® 9.4 TS1M0, and SAS 9.4 TS1M1 in UNIX and z/OS operating environments, the SSL capability in SAS Foundation products includes OpenSSL 0.9.8, which contains security vulnerabilities. For SAS 9.4 TS1M2 under UNIX and z/OS, the SSL capability in SAS Foundation products includes OpenSSL 1.0.1h, which contains the same vulnerabilities. These vulnerabilities are described in the OpenSSL Security Advisory (19 Mar 2015).
Click the Hot Fix tab in this note to access the hot fix for this issue.
The hot fixes for SAS 9.3, SAS 9.4 TS1M0, and SAS 9.4 TS1M1 upgrade OpenSSL to version 0.9.8zf. The hot fix for SAS 9.4 TS1M2 upgrades OpenSSL to version 1.0.1m.
Operating System and Release Information
SAS System | Base SAS | z/OS | 9.3_M2 | 9.4_M3 | 9.3 TS1M2 | 9.4 TS1M3 |
Z64 | 9.3_M2 | 9.4_M3 | 9.3 TS1M2 | 9.4 TS1M3 |
64-bit Enabled AIX | 9.3_M2 | 9.4_M3 | 9.3 TS1M2 | 9.4 TS1M3 |
64-bit Enabled HP-UX | 9.3_M2 | 9.4_M3 | 9.3 TS1M2 | 9.4 TS1M3 |
64-bit Enabled Solaris | 9.3_M2 | 9.4_M3 | 9.3 TS1M2 | 9.4 TS1M3 |
HP-UX IPF | 9.3_M2 | 9.4_M3 | 9.3 TS1M2 | 9.4 TS1M3 |
Linux | 9.3_M2 | 9.4_M3 | 9.3 TS1M2 | 9.4 TS1M3 |
Linux for x64 | 9.3_M2 | 9.4_M3 | 9.3 TS1M2 | 9.4 TS1M3 |
Solaris for x64 | 9.3_M2 | 9.4_M3 | 9.3 TS1M2 | 9.4 TS1M3 |
SAS System | SAS/CONNECT | z/OS | 9.3_M2 | 9.4_M3 | 9.3 TS1M2 | 9.4 TS1M3 |
Z64 | 9.3_M2 | 9.4_M3 | 9.3 TS1M2 | 9.4 TS1M3 |
64-bit Enabled AIX | 9.3_M2 | 9.4_M3 | 9.3 TS1M2 | 9.4 TS1M3 |
64-bit Enabled HP-UX | 9.3_M2 | 9.4_M3 | 9.3 TS1M2 | 9.4 TS1M3 |
64-bit Enabled Solaris | 9.3_M2 | 9.4_M3 | 9.3 TS1M2 | 9.4 TS1M3 |
HP-UX IPF | 9.3_M2 | 9.4_M3 | 9.3 TS1M2 | 9.4 TS1M3 |
Linux | 9.3_M2 | 9.4_M3 | 9.3 TS1M2 | 9.4 TS1M3 |
Linux for x64 | 9.3_M2 | 9.4_M3 | 9.3 TS1M2 | 9.4 TS1M3 |
Solaris for x64 | 9.3_M2 | 9.4_M3 | 9.3 TS1M2 | 9.4 TS1M3 |
SAS System | SAS/SHARE | z/OS | 9.3_M1 | 9.4_M2 | 9.3 TS1M2 | 9.4 TS1M3 |
64-bit Enabled AIX | 9.3_M1 | 9.4_M2 | 9.3 TS1M2 | 9.4 TS1M3 |
64-bit Enabled HP-UX | 9.3_M1 | 9.4_M2 | 9.3 TS1M2 | 9.4 TS1M3 |
64-bit Enabled Solaris | 9.3_M1 | 9.4_M2 | 9.3 TS1M2 | 9.4 TS1M3 |
HP-UX IPF | 9.3_M1 | 9.4_M2 | 9.3 TS1M2 | 9.4 TS1M3 |
Linux | 9.3_M1 | 9.4_M2 | 9.3 TS1M2 | 9.4 TS1M3 |
Linux for x64 | 9.3_M1 | 9.4_M2 | 9.3 TS1M2 | 9.4 TS1M3 |
Solaris for x64 | 9.3_M1 | 9.4_M2 | 9.3 TS1M2 | 9.4 TS1M3 |
*
For software releases that are not yet generally available, the Fixed
Release is the software release in which the problem is planned to be
fixed.
Type: | Problem Note |
Priority: | alert |
Date Modified: | 2015-05-11 13:54:52 |
Date Created: | 2015-05-11 13:10:36 |