Problem Note 59244: OpenSSL vulnerabilities exist in the Secure Sockets Layer (SSL) capability in SASĀ® Foundation products (OpenSSL advisories through 26 September 2016)
 |  |  |  |  |
For SAS 9.3 and SAS 9.4 in UNIX and z/OS operating environments, the SSL capability in SAS® Foundation products includes OpenSSL 1.0.2h and 1.0.2i, which contain security vulnerabilities.
The vulnerabilities are described here:
OpenSSL version 1.0.2j corrects the problem and is available via a hot fix.
Click the Hot Fix tab in this note to access the hot fix for this issue.
Operating System and Release Information
| Product Family | Product | System | Product Release | SAS Release | ||
| Reported | Fixed* | Reported | Fixed* | |||
| SAS System | Base SAS | 64-bit Enabled Solaris | 9.3 | 9.4_M4 | 9.3 TS1M0 | 9.4 TS1M4 |
| HP-UX IPF | 9.3 | 9.4_M4 | 9.3 TS1M0 | 9.4 TS1M4 | ||
| Linux | 9.3 | 9.4_M4 | 9.3 TS1M0 | 9.4 TS1M4 | ||
| Linux for x64 | 9.3 | 9.4_M4 | 9.3 TS1M0 | 9.4 TS1M4 | ||
| 64-bit Enabled HP-UX | 9.3 | 9.4_M4 | 9.3 TS1M0 | 9.4 TS1M4 | ||
| 64-bit Enabled AIX | 9.3 | 9.4_M4 | 9.3 TS1M0 | 9.4 TS1M4 | ||
| z/OS 64-bit | 9.3 | 9.4_M4 | 9.3 TS1M0 | 9.4 TS1M4 | ||
| z/OS | 9.3 | 9.4_M4 | 9.3 TS1M0 | 9.4 TS1M4 | ||
| Solaris for x64 | 9.3 | 9.4_M4 | 9.3 TS1M0 | 9.4 TS1M4 | ||
A fix for this issue for Base SAS 9.4_M3 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/V01.html#59244A fix for this issue for SAS/Secure SSL 9.4_M3 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/V53.html#59244A fix for this issue for Base SAS 9.4_M2 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/R19.html#59244A fix for this issue for SAS/Secure SSL 9.4_M2 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/R08.html#59244A fix for this issue for Base SAS 9.4_M1 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/M88.html#59244A fix for this issue for SAS/Secure SSL 9.4_M1 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/P70.html#59244A fix for this issue for Base SAS 9.4 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/L08.html#59244A fix for this issue for SAS/Secure SSL 9.4 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/P69.html#59244A fix for this issue for Base SAS 9.3_M2 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/I22.html#59244A fix for this issue for SAS/Secure SSL 9.3_M2 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/I47.html#59244A fix for this issue for Base SAS 9.3_M1 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/F98.html#59244A fix for this issue for SAS/Secure SSL 9.3_M1 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/T21.html#59244A fix for this issue for Base SAS 9.3 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/E80.html#59244A fix for this issue for SAS/Secure SSL 9.3 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/U37.html#59244| Type: | Problem Note |
| Priority: | medium |
| Date Modified: | 2016-10-27 14:52:31 |
| Date Created: | 2016-10-26 14:42:48 |