Problem Note 60908: OpenSSL vulnerabilities exist in the SAS® 9.4 Web Server (OpenSSL advisories through 26th January 2017)
SAS 9.4 Web Server includes OpenSSL 1.0.2j and earlier (dependent on the maintenance level of your SAS 9.4 software). OpenSSL 1.0.2j contains vulnerabilities per a January 26, 2017 advisory on the OpenSSL website.
Note: SAS 9.4 Web Server is part of the SAS® 9.4 Integration Technologies middle tier. The web server is included with SAS® BI Server, SAS® Enterprise BI Server, SAS® Visual Analytics, and any SAS® solution that includes a middle tier.
Click the Hot Fix tab in this note to access the hot fix for this issue.
Operating System and Release Information
SAS System | SAS Web Server | Microsoft® Windows® for x64 | 9.4 | 9.44 | 9.4 TS1M0 | 9.4 TS1M5 |
64-bit Enabled AIX | 9.4 | 9.44 | 9.4 TS1M0 | 9.4 TS1M5 |
64-bit Enabled Solaris | 9.4 | 9.44 | 9.4 TS1M0 | 9.4 TS1M5 |
HP-UX IPF | 9.4 | 9.44 | 9.4 TS1M0 | 9.4 TS1M5 |
Linux for x64 | 9.4 | 9.44 | 9.4 TS1M0 | 9.4 TS1M5 |
Solaris for x64 | 9.4 | 9.44 | 9.4 TS1M0 | 9.4 TS1M5 |
*
For software releases that are not yet generally available, the Fixed
Release is the software release in which the problem is planned to be
fixed.
Type: | Problem Note |
Priority: | high |
Date Modified: | 2019-09-18 15:31:07 |
Date Created: | 2017-08-10 09:24:12 |