For SAS^® 9.3, SAS^® 9.4 TS1M0, and SAS 9.4 TS1M1 in UNIX and z/OS operating environments, the SSL capability in SAS Foundation products includes OpenSSL 0.9.8, which contains security vulnerabilities. For SAS 9.4 TS1M2 under UNIX and z/OS, the SSL capability in SAS Foundation products includes OpenSSL 1.0.1h, which contains the same vulnerabilities. For SAS 9.4 TS1M3 under UNIX and z/OS, the SSL capability in SAS Foundation products includes OpenSSL 1.0.1m, which contains the same vulnerabilities. These vulnerabilities are described in the OpenSSL Security Advisory (4 Dec 2015).

Click the Hot Fix tab in this note to access the hot fix for this issue.

The hot fixes for SAS 9.3 TS1M0, SAS 9.4 TS1M0, and SAS 9.4 TS1M1 upgrade OpenSSL to version 0.9.8zh. The hot fix for SAS 9.4 TS1M2 and SAS 9.4 TS1M3 upgrade OpenSSL to version 1.0.1r.

Operating System and Release Information

A fix for this issue for Base SAS 9.4_M3 is available at:

A fix for this issue for SAS/Secure SSL 9.4_M3 is available at:

A fix for this issue for Base SAS 9.4_M2 is available at:

A fix for this issue for SAS/Secure SSL 9.4_M2 is available at:

A fix for this issue for Base SAS 9.4_M1 is available at:

A fix for this issue for SAS/Secure SSL 9.4_M1 is available at:

A fix for this issue for Base SAS 9.4 is available at:

A fix for this issue for SAS/Secure SSL 9.4 is available at:

A fix for this issue for Base SAS 9.3_M2 is available at:

A fix for this issue for SAS/Secure SSL 9.3_M2 is available at:

A fix for this issue for Base SAS 9.3_M1 is available at:

A fix for this issue for SAS/Secure SSL 9.3_M1 is available at:

A fix for this issue for Base SAS 9.3 is available at:

A fix for this issue for SAS/Secure SSL 9.3 is available at: