Problem Note 61700: OpenSSL vulnerabilities exist in the Secure Sockets Layer (SSL) capability in SAS® Foundation products (OpenSSL advisories through 02 November 2017)
 |  |  |  |  |
Severity: Medium
Description: For SAS® 9.3 and SAS® 9.4 in the z/OS and UNIX operating environments, the SSL capability in SAS® Foundation products includes OpenSSL 1.0.2j, which contains security vulnerabilities. The vulnerabilities are described here: OpenSSL Security Advisory (02 Nov 2017)
Potential Impact: Under certain conditions, someone might be able to decrypt data.
Click the Hot Fix tab in this note to access the hot fix for this issue.
OpenSSL version 1.0.2n corrects the problem, and this version is available in the hot fix.
Operating System and Release Information
| Product Family | Product | System | SAS Release | |
| Reported | Fixed* | |||
| SAS System | SAS Foundation | Solaris for x64 | 9.3 TS1M0 | |
| Linux | 9.3 TS1M0 | |||
| Linux for x64 | 9.3 TS1M0 | |||
| HP-UX IPF | 9.3 TS1M0 | |||
| 64-bit Enabled Solaris | 9.3 TS1M0 | |||
| 64-bit Enabled HP-UX | 9.3 TS1M0 | |||
| 64-bit Enabled AIX | 9.3 TS1M0 | |||
| z/OS 64-bit | 9.3 TS1M0 | |||
A fix for this issue for Base SAS 9.4_M5 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/B6Q.html#61700A fix for this issue for SAS/Secure SSL 9.41_M2 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/B8G.html#61700A fix for this issue for Base SAS 9.4_M4 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/A3Z.html#61700A fix for this issue for SAS/Secure SSL 9.41_M1 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/B8H.html#61700A fix for this issue for Base SAS 9.4_M3 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/V01.html#61700A fix for this issue for SAS/Secure SSL 9.4_M3 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/V53.html#61700A fix for this issue for Base SAS 9.4_M2 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/R19.html#61700A fix for this issue for SAS/Secure SSL 9.4_M2 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/R08.html#61700A fix for this issue for Base SAS 9.4_M1 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/M88.html#61700A fix for this issue for SAS/Secure SSL 9.4_M1 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/P70.html#61700A fix for this issue for Base SAS 9.4 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/L08.html#61700A fix for this issue for SAS/Secure SSL 9.4 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/P69.html#61700A fix for this issue for Base SAS 9.3_M2 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/I22.html#61700A fix for this issue for SAS/Secure SSL 9.3_M2 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/I47.html#61700A fix for this issue for Base SAS 9.3_M1 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/F98.html#61700A fix for this issue for SAS/Secure SSL 9.3_M1 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/T21.html#61700A fix for this issue for Base SAS 9.3 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/E80.html#61700A fix for this issue for SAS/Secure SSL 9.3 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/U37.html#61700| Type: | Problem Note |
| Priority: | high |
| Date Modified: | 2018-01-15 11:35:39 |
| Date Created: | 2018-01-11 11:36:26 |