Severity: High
Description: A security vulnerability in the sas-tkcore package exists in SAS Viya 3.1 and SAS Viya 3.2.
Potential Impact: An attacker with knowledge of this vulnerability and network access to the SAS Viya servers can access restricted data.
Important: All production sites should apply the update for this problem.
The correction for the issue is to update your version of SAS Viya. A link to the instructions on how to access and apply the software update is available on the Hot Fix tab. Click the Hot Fix tab and update your software using the instructions.
It is important that you now verify that the fix is installed. To do so, run the following rpm command:
To complete this process, make sure that the package version shown in the rpm output matches or is newer than the following.
Version info for SAS Viya 3.1:
Version info for SAS Viya 3.2:
If needed, contact SAS Technical Support.
Product Family | Product | System | Product Release | SAS Release | ||
Reported | Fixed* | Reported | Fixed* | |||
SAS System | SAS Viya | Linux for x64 | 3.1 | 3.3 |