59197 - A security vulnerability currently exists in SAS® Cloud Analytic Services

Problem Note 59197: A security vulnerability currently exists in SAS® Cloud Analytic Services

Problem

A security vulnerability exists in SAS Cloud Analytic Services (CAS) in SAS^® Viya™ 3.1. An attacker with knowledge of this vulnerability and network access to the CAS server can access restricted data.

Update Your Software to Fix This Issue

Important: All production sites should apply the update for this problem.

The correction for the issue is to update your version of SAS Viya. A link to the software update and instructions is available on the Hot Fix tab. To access this link, click the Hot Fix tab in this note.

Now Verify That the Update Has Been Installed

It is important that you now verify that the fix is installed. To do so, run the following rpm commands:

rpm -q sas-tkcas rpm -q sas-tkmtrb

To complete this process, make sure that the package versions shown in the rpm output match or are newer than the following.

sas-tkcas-01.02.01-20161019.144915206767.x86_64 sas-tkmtrb-01.01.01-20161019.145732689800.x86_64

If You Need Additional Assistance

If needed, contact SAS Technical Support.

Operating System and Release Information

Product Family	Product	System	SAS Release
			Reported	Fixed*
SAS System	N/A	Linux for x64

* For software releases that are not yet generally available, the Fixed Release is the software release in which the problem is planned to be fixed.

An update for this issue is available. For instructions on how to access and apply software updates, see the Software Updates section of the SAS Viya 3.1 Administration document at

http://documentation.sas.com/#/?softwareId=administration&softwareVersion=3.1&softwareContextId=softwareUpdates

Type:	Problem Note
Priority:	alert

Date Modified:	2016-11-23 09:47:14
Date Created:	2016-10-21 11:03:35