SUPPORT

Select Your Region

Visit the Cary, NC, US corporate headquarters site

Americas

Europe

Middle East & Africa

Asia Pacific

View our worldwide contacts list for help finding your region

Americas

Europe

Middle East & Africa

Asia Pacific

Sign In

Get access to My SAS, trials, communities and more.

Sign Out

Get access to My SAS, trials, communities and more.

SAS Sites

sas.com
Support
Blogs
Communities
Developer
Curiosity
Videos

Documentation

Learn
Brand
PartnerNet
Merchandise
SUPPORT / SAMPLES & SAS NOTES
 

Support

Problem Note 59197: A security vulnerability currently exists in SAS® Cloud Analytic Services

DetailsHotfixAboutRate It

Problem

A security vulnerability exists in SAS Cloud Analytic Services (CAS) in SAS® Viya™ 3.1. An attacker with knowledge of this vulnerability and network access to the CAS server can access restricted data.

Update Your Software to Fix This Issue

Important: All production sites should apply the update for this problem.

The correction for the issue is to update your version of SAS Viya. A link to the software update and instructions is available on the Hot Fix tab. To access this link, click the Hot Fix tab in this note.

Now Verify That the Update Has Been Installed

It is important that you now verify that the fix is installed. To do so, run the following rpm commands:

rpm -q sas-tkcas rpm -q sas-tkmtrb

To complete this process, make sure that the package versions shown in the rpm output match or are newer than the following.

sas-tkcas-01.02.01-20161019.144915206767.x86_64 sas-tkmtrb-01.01.01-20161019.145732689800.x86_64

If You Need Additional Assistance

If needed, contact SAS Technical Support.



Operating System and Release Information

Product FamilyProductSystemSAS Release
ReportedFixed*
SAS SystemN/ALinux for x64
* For software releases that are not yet generally available, the Fixed Release is the software release in which the problem is planned to be fixed.