Severity: Medium

Description: For SAS^® 9.3 and SAS^® 9.4 in the z/OS and UNIX operating environments, the SSL capability in SAS^® Foundation products includes OpenSSL 1.0.2j, which contains security vulnerabilities. The vulnerabilities are described here: OpenSSL Security Advisory (02 Nov 2017)

Potential Impact: Under certain conditions, someone might be able to decrypt data.

Click the Hot Fix tab in this note to access the hot fix for this issue.

OpenSSL version 1.0.2n corrects the problem, and this version is available in the hot fix.

Operating System and Release Information

A fix for this issue for Base SAS 9.4_M5 is available at:

A fix for this issue for SAS/Secure SSL 9.41_M2 is available at:

A fix for this issue for Base SAS 9.4_M4 is available at:

A fix for this issue for SAS/Secure SSL 9.41_M1 is available at:

A fix for this issue for Base SAS 9.4_M3 is available at:

A fix for this issue for SAS/Secure SSL 9.4_M3 is available at:

A fix for this issue for Base SAS 9.4_M2 is available at:

A fix for this issue for SAS/Secure SSL 9.4_M2 is available at:

A fix for this issue for Base SAS 9.4_M1 is available at:

A fix for this issue for SAS/Secure SSL 9.4_M1 is available at:

A fix for this issue for Base SAS 9.4 is available at:

A fix for this issue for SAS/Secure SSL 9.4 is available at:

A fix for this issue for Base SAS 9.3_M2 is available at:

A fix for this issue for SAS/Secure SSL 9.3_M2 is available at:

A fix for this issue for Base SAS 9.3_M1 is available at:

A fix for this issue for SAS/Secure SSL 9.3_M1 is available at:

A fix for this issue for Base SAS 9.3 is available at:

A fix for this issue for SAS/Secure SSL 9.3 is available at: