Severity: Medium
Description: The following versions of PostgreSQL are used as the underlying technology for the SAS Infrastructure Data Server in SAS Viya 3.5:
These versions of PostgreSQL have the following known security vulnerabilities:
Potential Impact:
SAS supports all versions of the database delivered with the product but only the latest version, PostgreSQL 15.x, continues to receive security fixes from the PostgreSQL community.
SAS recommends upgrading to PostgreSQL 15.x by following the instructions in Upgrading PostgreSQL in SAS Viya.
To determine whether you need a new order for this upgrade, you might need to reference the following:
SAS KB0037227, "Determine whether you need a new order for PostgreSQL 15 on SAS® Viya® 3.5 (Linux)"
SAS KB0037228, "Determine whether you need a new order for PostgreSQL 15 on SAS® Viya® 3.5 (Windows)"
After you upgrade PostgreSQL to 15.x and then update to 15.6 by applying this hot fix, all of these security concerns will be addressed.
Note: After the upgrade, the previous PostgreSQL binaries and RPMs will remain on the system and should not be removed. Removing them will cause the environment to become unstable because it has the potential to remove components of the SAS Infrastructure Data Server. They are also used in future upgrade checks.
Click the Hot Fix tab in this note for a link to instructions about accessing and applying the software update.
Product Family | Product | System | Product Release | SAS Release | ||
Reported | Fixed* | Reported | Fixed* | |||
SAS System | SAS Viya | Linux for x64 | 3.5 | 3.5 | Viya | Viya |
Viya on Windows: An update for this issue is available for SAS Viya 3.5. For instructions on how to access and apply software updates, see the Updating Your SAS Viya software section in the SAS Viya 3.5 for Windows Deployment Guide at
http://documentation.sas.com/?softwareId=administration&softwareVersion=3.5&softwareContextId=softwareUpdatesWinViya on Linux: An update for this issue is available for SAS Viya 3.5. For instructions on how to access and apply software updates, see the Updating Your SAS Viya software section in the SAS Viya 3.5 for Linux Deployment Guide at
http://documentation.sas.com/?softwareId=administration&softwareVersion=3.5&softwareContextId=softwareUpdatesType: | Problem Note |
Priority: | high |
Date Modified: | 2024-10-21 15:46:37 |
Date Created: | 2020-04-28 12:36:42 |