62190 - OpenSSL vulnerabilities exist in the SAS® 9.4 Web Server (OpenSSL advisories through 27th March 2018)

Problem Note 62190: OpenSSL vulnerabilities exist in the SAS® 9.4 Web Server (OpenSSL advisories through 27th March 2018)

Severity: Medium

Description: SAS 9.4 Web Server includes OpenSSL 1.0.2l and earlier (dependent on the maintenance level of your SAS 9.4 software). OpenSSL 1.0.2l contains vulnerabilities per a March 27, 2018 advisory on the OpenSSL website.

Note: SAS 9.4 Web Server is part of the SAS^® 9.4 Integration Technologies middle tier. The web server is included with SAS^® BI Server, SAS^® Enterprise BI Server, SAS^® Visual Analytics, and any SAS^® solution that includes a middle tier.

Potential Impact: The server might be vulnerable to a Denial of Service attack.

Click the Hot Fix tab in this note to access the hot fix for this issue.

Operating System and Release Information

Product Family	Product	System	Product Release		SAS Release
Product Family	Product	System	Reported	Fixed*	Reported	Fixed*
SAS System	SAS Web Server	Microsoft® Windows® for x64	9.4		9.4 TS1M0
		64-bit Enabled AIX	9.4		9.4 TS1M0
		64-bit Enabled Solaris	9.4		9.4 TS1M0
		HP-UX IPF	9.4		9.4 TS1M0
		Linux for x64	9.4		9.4 TS1M0
		Solaris for x64	9.4		9.4 TS1M0

* For software releases that are not yet generally available, the Fixed Release is the software release in which the problem is planned to be fixed.

A fix for this issue for SAS Web Server 9.44 is available at:

https://tshf.sas.com/techsup/download/hotfix/HF2/B7Q.html#62190

A fix for this issue for SAS Web Server 9.43 is available at:

https://tshf.sas.com/techsup/download/hotfix/HF2/A7F.html#62190

A fix for this issue for SAS Web Server 9.42 is available at:

https://tshf.sas.com/techsup/download/hotfix/HF2/V75.html#62190

A fix for this issue for SAS Web Server 9.4_M2 is available at:

https://tshf.sas.com/techsup/download/hotfix/HF2/S47.html#62190

A fix for this issue for SAS Web Server 9.4_M1 is available at:

https://tshf.sas.com/techsup/download/hotfix/HF2/S48.html#62190

A fix for this issue for SAS Environment Manager 2.1_M1 is available at:

https://tshf.sas.com/techsup/download/hotfix/HF2/S44.html#62190

A fix for this issue for SAS Web Server 9.4 is available at:

https://tshf.sas.com/techsup/download/hotfix/HF2/S46.html#62190

A fix for this issue for SAS Environment Manager 2.1 is available at:

https://tshf.sas.com/techsup/download/hotfix/HF2/S43.html#62190

Type:	Problem Note
Priority:	high

Date Modified:	2018-06-08 16:01:41
Date Created:	2018-04-24 11:09:47

Support

Problem Note 62190: OpenSSL vulnerabilities exist in the SAS® 9.4 Web Server (OpenSSL advisories through 27th March 2018)

Operating System and Release Information