Problem Note 64003: OpenSSL vulnerabilities exist in the Secure Sockets Layer (SSL) capability in SAS® Foundation products (OpenSSL advisories through 26 February 2019)
 |  |  |  |  |
Severity: Medium
Description: For SAS® 9.3 and SAS® 9.4 in the z/OS and UNIX operating environments, the SSL capability in SAS® Foundation products includes OpenSSL 1.0.2n. This version of OpenSSL contains security vulnerabilities per a February 26, 2019 advisory on the OpenSSL website.
Potential Impact: Under certain conditions, someone might be able to decrypt data.
Click the Hot Fix tab in this note to access the hot fix for this issue.
Operating System and Release Information
| Product Family | Product | System | SAS Release | |
| Reported | Fixed* | |||
| SAS System | SAS Foundation | z/OS 64-bit | 9.3 TS1M0 | |
| 64-bit Enabled AIX | 9.3 TS1M0 | |||
| 64-bit Enabled HP-UX | 9.3 TS1M0 | |||
| 64-bit Enabled Solaris | 9.3 TS1M0 | |||
| HP-UX IPF | 9.3 TS1M0 | |||
| Linux | 9.3 TS1M0 | |||
| Linux for x64 | 9.3 TS1M0 | |||
| Solaris for x64 | 9.3 TS1M0 | |||
A fix for this issue for Base SAS 9.4_M6 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/D9T.html#64003A fix for this issue for SAS/Secure SSL 9.41_M3 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/E8W.html#64003| Type: | Problem Note |
| Priority: | high |
| Date Modified: | 2019-04-30 13:28:49 |
| Date Created: | 2019-04-09 10:51:49 |