Severity: Medium
Description: The following versions of PostgreSQL are used as the underlying technology for the SAS Web Infrastructure Platform Data Server:
Updates to these versions of SAS are being offered to keep current with security fixes to PostgreSQL.
These versions of PostgreSQL have the following known security vulnerabilities:
Potential Impact: These security concerns have the following impact:
SAS supports all versions of the database delivered with the product but only the latest version, PostgreSQL 12.x, continues to receive security fixes from the PostgreSQL community.
SAS® 9.4M0 (TS1M0) to SAS® 9.4M5 (TS1M5) delivered PostgreSQL 9.1.x for the SAS® Web Infrastructure Platform Data Server. With the exception of SAS 9.4M5, these databases cannot be updated or upgraded to a later release. The latest release that SAS 9.4M5 can be upgraded to is PostgreSQL 9.4.24, which is currently out of support by the PostgreSQL community. If you require SAS 9.4M5 to be upgraded to that release, contact SAS Technical Support for the manual steps.
Click the Hot Fix tab in this note to access the hot fix for this issue.
The hot fix in this SAS Note addresses the following scenarios:
It is highly recommended that, if you run SAS 9.4M6 and you require security updates to PostgreSQL, you upgrade to SAS 9.4M7 and PostgreSQL 12.x.
If you are unable to update to SAS 9.4M7 at this time but still require PostgreSQL 12.x, then you must contact SAS Technical Support for the paper about how to manually update PostgreSQL 9.x to 12.x.
If you are at SAS 9.4M6 and have already upgraded to PostgreSQL 12, then you can apply the hot fix in this note to update the PostgreSQL database to 12.8.
If you would like to update SAS 9.4M6 to the latest PostgreSQL 9.5.x supported and you have not yet upgraded to PostgreSQL 9.5.x, then you must follow the directions in the documentation Upgrading PostgreSQL.
Once your database is at 9.5.x or if it already is at 9.5.x from an out-of-the-box installation, then you can apply the hot fix in this note to update the PostgreSQL database to 9.5.24.
If you run SAS 9.4M7 and you have not yet upgraded to PostgreSQL 12.x, then you must follow the directions in the documentation Upgrading PostgreSQL if you want to keep receiving security fixes for your PostgreSQL instances.
Once your database is at 12.x or if it is already at 12.x from an out-of-the-box installation, then you can apply the hot fix in this note to update the PostgreSQL database to 12.20.
If you run SAS 9.4M8 and you have not yet upgraded to PostgreSQL 14.x, then you must follow the directions in the documentation Upgrading PostgreSQL if you want to keep receiving security fixes for your PostgreSQL instances.
Once your database is at 14.x or if it is already at 14.x from an out-of-the-box installation, then you can apply the hot fix in this note to update the PostgreSQL database to 14.13 with OpenSSL 3.1.2.
Note that when you perform the upgrade, sometimes the cursor is not returned to the user. The upgrade appears to stop responding after it reports that all databases have been upgraded. It is safe to press Ctrl-C to exit the upgrade at this point.
Product Family | Product | System | Product Release | SAS Release | ||
Reported | Fixed* | Reported | Fixed* | |||
SAS System | SAS Web Infrastructure Platform Data Server | Microsoft Windows Server 2016 | 9.4_M5 | 9.4_M6 | 9.4 TS1M5 | 9.4 TS1M6 |
Microsoft Windows Server 2012 Std | 9.4_M5 | 9.4_M6 | 9.4 TS1M5 | 9.4 TS1M6 | ||
Microsoft Windows Server 2012 R2 Std | 9.4_M5 | 9.4_M6 | 9.4 TS1M5 | 9.4 TS1M6 | ||
Microsoft Windows Server 2012 R2 Datacenter | 9.4_M5 | 9.4_M6 | 9.4 TS1M5 | 9.4 TS1M6 | ||
Microsoft Windows Server 2012 Datacenter | 9.4_M5 | 9.4_M6 | 9.4 TS1M5 | 9.4 TS1M6 | ||
Microsoft Windows 10 | 9.4_M5 | 9.4_M6 | 9.4 TS1M5 | 9.4 TS1M6 | ||
Microsoft Windows 8.1 Pro x64 | 9.4_M5 | 9.4_M6 | 9.4 TS1M5 | 9.4 TS1M6 | ||
Microsoft Windows 8.1 Pro 32-bit | 9.4_M5 | 9.4_M6 | 9.4 TS1M5 | 9.4 TS1M6 | ||
Microsoft Windows 8.1 Enterprise x64 | 9.4_M5 | 9.4_M6 | 9.4 TS1M5 | 9.4 TS1M6 | ||
Microsoft Windows 8.1 Enterprise 32-bit | 9.4_M5 | 9.4_M6 | 9.4 TS1M5 | 9.4 TS1M6 | ||
Microsoft Windows 8 Pro x64 | 9.4_M5 | 9.4_M6 | 9.4 TS1M5 | 9.4 TS1M6 | ||
Microsoft Windows 8 Pro 32-bit | 9.4_M5 | 9.4_M6 | 9.4 TS1M5 | 9.4 TS1M6 | ||
Microsoft Windows 8 Enterprise x64 | 9.4_M5 | 9.4_M6 | 9.4 TS1M5 | 9.4 TS1M6 | ||
Microsoft Windows 8 Enterprise 32-bit | 9.4_M5 | 9.4_M6 | 9.4 TS1M5 | 9.4 TS1M6 | ||
Microsoft® Windows® for x64 | 9.4_M5 | 9.4_M6 | 9.4 TS1M5 | 9.4 TS1M6 | ||
Windows 7 Enterprise 32 bit | 9.4_M5 | 9.4_M6 | 9.4 TS1M5 | 9.4 TS1M6 | ||
Windows 7 Enterprise x64 | 9.4_M5 | 9.4_M6 | 9.4 TS1M5 | 9.4 TS1M6 | ||
Windows 7 Home Premium 32 bit | 9.4_M5 | 9.4_M6 | 9.4 TS1M5 | 9.4 TS1M6 | ||
Windows 7 Home Premium x64 | 9.4_M5 | 9.4_M6 | 9.4 TS1M5 | 9.4 TS1M6 | ||
Windows 7 Professional 32 bit | 9.4_M5 | 9.4_M6 | 9.4 TS1M5 | 9.4 TS1M6 | ||
Windows 7 Professional x64 | 9.4_M5 | 9.4_M6 | 9.4 TS1M5 | 9.4 TS1M6 | ||
Windows 7 Ultimate 32 bit | 9.4_M5 | 9.4_M6 | 9.4 TS1M5 | 9.4 TS1M6 | ||
Windows 7 Ultimate x64 | 9.4_M5 | 9.4_M6 | 9.4 TS1M5 | 9.4 TS1M6 | ||
64-bit Enabled AIX | 9.4_M5 | 9.4_M6 | 9.4 TS1M5 | 9.4 TS1M6 | ||
64-bit Enabled Solaris | 9.4_M5 | 9.4_M6 | 9.4 TS1M5 | 9.4 TS1M6 | ||
HP-UX IPF | 9.4_M5 | 9.4_M6 | 9.4 TS1M5 | 9.4 TS1M6 | ||
Linux for x64 | 9.4_M5 | 9.4_M6 | 9.4 TS1M5 | 9.4 TS1M6 | ||
Solaris for x64 | 9.4_M5 | 9.4_M6 | 9.4 TS1M5 | 9.4 TS1M6 |
An update for this issue is available for SAS Viya 3.4. For instructions on how to access and apply software updates, see the Updating Your SAS Viya software section in the SAS Viya 3.4 for Windows Deployment Guide at
http://documentation.sas.com/?softwareId=administration&softwareVersion=3.4&softwareContextId=softwareUpdatesWinAn update for this issue is available for SAS Viya 3.4. For instructions on how to access and apply software updates, see the Updating Your SAS Viya software section in the SAS Viya 3.4 for Linux Deployment Guide at
http://documentation.sas.com/?softwareId=administration&softwareVersion=3.4&softwareContextId=softwareUpdatesViya on Linux: An update for this issue is available for SAS Viya 3.4. For instructions on how to access and apply software updates, see the Updating Your SAS Viya software section in the SAS Viya 3.4 for Linux Deployment Guide at
http://documentation.sas.com/?softwareId=administration&softwareVersion=3.4&softwareContextId=softwareUpdatesA fix for this issue for SAS Web Infrastructure Platform Data Server 9.4_M8 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/M1Y.html#61175A fix for this issue for SAS Web Infrastructure Platform Data Server 9.4_M7 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/I7F.html#61175A fix for this issue for SAS Web Infrastructure Platform Data Server 9.4_M6 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/F6P.html#61175Type: | Problem Note |
Priority: | high |
Topic: | Data Management ==> Data Sources ==> External Databases ==> PostgreSQL |
Date Modified: | 2024-11-15 15:19:02 |
Date Created: | 2017-09-29 13:51:04 |