Problem Note 61700: OpenSSL vulnerabilities exist in the Secure Sockets Layer (SSL) capability in SAS® Foundation products (OpenSSL advisories through 02 November 2017)
Severity: Medium
Description: For SAS® 9.3 and SAS® 9.4 in the z/OS and UNIX operating environments, the SSL capability in SAS® Foundation products includes OpenSSL 1.0.2j, which contains security vulnerabilities. The vulnerabilities are described here: OpenSSL Security Advisory (02 Nov 2017)
Potential Impact: Under certain conditions, someone might be able to decrypt data.
Click the Hot Fix tab in this note to access the hot fix for this issue.
OpenSSL version 1.0.2n corrects the problem, and this version is available in the hot fix.
Operating System and Release Information
SAS System | SAS Foundation | Solaris for x64 | 9.3 TS1M0 | |
Linux | 9.3 TS1M0 | |
Linux for x64 | 9.3 TS1M0 | |
HP-UX IPF | 9.3 TS1M0 | |
64-bit Enabled Solaris | 9.3 TS1M0 | |
64-bit Enabled HP-UX | 9.3 TS1M0 | |
64-bit Enabled AIX | 9.3 TS1M0 | |
z/OS 64-bit | 9.3 TS1M0 | |
*
For software releases that are not yet generally available, the Fixed
Release is the software release in which the problem is planned to be
fixed.
Type: | Problem Note |
Priority: | high |
Date Modified: | 2018-01-15 11:35:39 |
Date Created: | 2018-01-11 11:36:26 |