Problem Note 64003: OpenSSL vulnerabilities exist in the Secure Sockets Layer (SSL) capability in SAS® Foundation products (OpenSSL advisories through 26 February 2019)
Severity: Medium
Description: For SAS® 9.3 and SAS® 9.4 in the z/OS and UNIX operating environments, the SSL capability in SAS® Foundation products includes OpenSSL 1.0.2n. This version of OpenSSL contains security vulnerabilities per a February 26, 2019 advisory on the OpenSSL website.
Potential Impact: Under certain conditions, someone might be able to decrypt data.
Click the Hot Fix tab in this note to access the hot fix for this issue.
Operating System and Release Information
SAS System | SAS Foundation | z/OS 64-bit | 9.3 TS1M0 | |
64-bit Enabled AIX | 9.3 TS1M0 | |
64-bit Enabled HP-UX | 9.3 TS1M0 | |
64-bit Enabled Solaris | 9.3 TS1M0 | |
HP-UX IPF | 9.3 TS1M0 | |
Linux | 9.3 TS1M0 | |
Linux for x64 | 9.3 TS1M0 | |
Solaris for x64 | 9.3 TS1M0 | |
*
For software releases that are not yet generally available, the Fixed
Release is the software release in which the problem is planned to be
fixed.
Type: | Problem Note |
Priority: | high |
Date Modified: | 2019-04-30 13:28:49 |
Date Created: | 2019-04-09 10:51:49 |