SUPPORT / SAMPLES & SAS NOTES
 

Support

Problem Note 60210: A security vulnerability currently exists in the sas-tkcore package SAS® Viya™ 3.1 and SAS® Viya™ 3.2

DetailsHotfixAboutRate It

Severity: High

Description: A security vulnerability in the sas-tkcore package exists in SAS Viya 3.1 and SAS Viya 3.2.

Potential Impact: An attacker with knowledge of this vulnerability and network access to the SAS Viya servers can access restricted data.

Update Your Software to Fix This Issue

Important:  All production sites should apply the update for this problem.

The correction for the issue is to update your version of SAS Viya. A link to the instructions on how to access and apply the software update is available on the Hot Fix tab. Click the Hot Fix tab and update your software using the instructions.

Now Verify That the Update Has Been Installed

It is important that you now verify that the fix is installed. To do so, run the following rpm command:

rpm -q sas-tkcore

To complete this process, make sure that the package version shown in the rpm output matches or is newer than the following.

Version info for SAS Viya 3.1:

sas-tkcore-03.02.02-20171027.155420110492.x86_64

Version info for SAS Viya 3.2:

sas-tkcore-03.05.02-20171101.155415171378.x86_64

If You Need Additional Assistance

If needed, contact SAS Technical Support.



Operating System and Release Information

Product FamilyProductSystemProduct ReleaseSAS Release
ReportedFixed*ReportedFixed*
SAS SystemSAS ViyaLinux for x643.13.3
* For software releases that are not yet generally available, the Fixed Release is the software release in which the problem is planned to be fixed.