59371 - OpenSSL vulnerabilities exist in the SAS® 9.4 Web Server (OpenSSL advisories through 26th September 2016)

Problem Note 59371: OpenSSL vulnerabilities exist in the SAS® 9.4 Web Server (OpenSSL advisories through 26th September 2016)

SAS 9.4 Web Server includes OpenSSL 1.0.1t and earlier (dependent on the maintenance level of your SAS 9.4 software). These versions of OpenSSL contain security vulnerabilities, which are described in OpenSSL security advisories through 26th September 2016 on the OpenSSL website (openssl.org/news/vulnerabilities.html).

Note: SAS 9.4 Web Server is part of the SAS^® 9.4 Integration Technologies middle tier. The web server is included with SAS^® BI Server, SAS^® Enterprise BI Server, SAS^® Visual Analytics, and any SAS^® solution that includes a middle tier.

Click the Hot Fix tab in this note to access the hot fix for this issue.

Operating System and Release Information

Product Family	Product	System	Product Release		SAS Release
Product Family	Product	System	Reported	Fixed*	Reported	Fixed*
SAS System	SAS Web Server	Solaris for x64	9.4		9.4 TS1M0
		Linux for x64	9.4		9.4 TS1M0
		HP-UX IPF	9.4		9.4 TS1M0
		64-bit Enabled Solaris	9.4		9.4 TS1M0
		64-bit Enabled AIX	9.4		9.4 TS1M0
		Microsoft® Windows® for x64	9.4		9.4 TS1M0

* For software releases that are not yet generally available, the Fixed Release is the software release in which the problem is planned to be fixed.

A fix for this issue for SAS Web Server 9.42 is available at:

https://tshf.sas.com/techsup/download/hotfix/HF2/V75.html#59371

A fix for this issue for SAS Web Server 9.4_M2 is available at:

https://tshf.sas.com/techsup/download/hotfix/HF2/S47.html#59371

A fix for this issue for SAS Web Server 9.4_M1 is available at:

https://tshf.sas.com/techsup/download/hotfix/HF2/S48.html#59371

A fix for this issue for SAS Environment Manager 2.1_M1 is available at:

https://tshf.sas.com/techsup/download/hotfix/HF2/S44.html#59371

A fix for this issue for SAS Web Server 9.4 is available at:

https://tshf.sas.com/techsup/download/hotfix/HF2/S46.html#59371

A fix for this issue for SAS Environment Manager 2.1 is available at:

https://tshf.sas.com/techsup/download/hotfix/HF2/S43.html#59371

Type:	Problem Note
Priority:	high

Date Modified:	2019-09-18 14:43:57
Date Created:	2016-11-17 12:02:37

Support

Problem Note 59371: OpenSSL vulnerabilities exist in the SAS® 9.4 Web Server (OpenSSL advisories through 26th September 2016)

Operating System and Release Information