For SAS 9.3 and SAS 9.4 in UNIX and z/OS operating environments, the SSL capability in SAS Foundation products includes OpenSSL 1.0.1, which contains security vulnerabilities. These vulnerabilities are described in the OpenSSL Security Advisory (3rd May 2016).

OpenSSL version 1.0.2h corrects the problem, and is available via a hot fix.

Click the Hot Fix tab in this note to access the hot fix for this issue.

Operating System and Release Information

A fix for this issue for Base SAS 9.4_M3 is available at:

A fix for this issue for SAS/Secure SSL 9.4_M3 is available at:

A fix for this issue for Base SAS 9.4_M2 is available at:

A fix for this issue for SAS/Secure SSL 9.4_M2 is available at:

A fix for this issue for Base SAS 9.4_M1 is available at:

A fix for this issue for SAS/Secure SSL 9.4_M1 is available at:

A fix for this issue for Base SAS 9.4 is available at:

A fix for this issue for SAS/Secure SSL 9.4 is available at:

A fix for this issue for Base SAS 9.3_M2 is available at:

A fix for this issue for SAS/Secure SSL 9.3_M2 is available at:

A fix for this issue for Base SAS 9.3_M1 is available at:

A fix for this issue for SAS/Secure SSL 9.3_M1 is available at:

A fix for this issue for Base SAS 9.3 is available at:

A fix for this issue for SAS/Secure SSL 9.3 is available at: