Problem Note 58194: OpenSSL vulnerabilities exist in the SAS® 9.4 Web Server (OpenSSL advisories through 3rd May 2016)
SAS 9.4 Web Server includes OpenSSL 1.0.1p and earlier (dependent on the maintenance level of your SAS 9.4 software). These versions of OpenSSL contain security vulnerabilities, which are described in OpenSSL security advisories through 3rd May 2016 at openssl.org/news/vulnerabilities.html.
Note: SAS 9.4 Web Server is part of the SAS® 9.4 Integration Technologies middle tier. The web server is included with SAS® BI Server, SAS® Enterprise BI Server, SAS® Visual Analytics, and any SAS® solution that includes a middle tier.
Click the Hot Fix tab in this note to access the hot fix for this issue.
Operating System and Release Information
SAS System | SAS Web Server | Solaris for x64 | 9.4 | 9.43 | 9.4 TS1M0 | 9.4 TS1M4 |
Linux for x64 | 9.4 | 9.43 | 9.4 TS1M0 | 9.4 TS1M4 |
HP-UX IPF | 9.4 | 9.43 | 9.4 TS1M0 | 9.4 TS1M4 |
64-bit Enabled Solaris | 9.4 | 9.43 | 9.4 TS1M0 | 9.4 TS1M4 |
64-bit Enabled AIX | 9.4 | 9.43 | 9.4 TS1M0 | 9.4 TS1M4 |
Microsoft® Windows® for x64 | 9.4 | 9.43 | 9.4 TS1M0 | 9.4 TS1M4 |
*
For software releases that are not yet generally available, the Fixed
Release is the software release in which the problem is planned to be
fixed.
Type: | Problem Note |
Priority: | high |
Date Modified: | 2016-06-01 13:56:00 |
Date Created: | 2016-05-11 12:11:28 |