67666 - The SAS® 9.4 ODBC driver for the PostgreSQL database contains a component with known vulnerabilities

Problem Note 67666: The SAS® 9.4 ODBC driver for the PostgreSQL database contains a component with known vulnerabilities

Severity: Low

Description: The SAS 9.4 ODBC driver for PostgreSQL contains a component with known vulnerabilities. For details, see the following:

Potential Impact:

An attacker might gain unauthorized access to information (that is, unauthorized information disclosure can occur).
A server processes unencrypted bytes from a man-in-the-middle.
Removes outdated libcrypto-1_1.dll and libss-1_1.dll on W32 environments.
Relocates libssl.so.3 and libcrypto.so.3 from <SASHome>/SASODBCDriversfortheWebInfrastructurePlatformDataServer/9.4/Driver to <SASHome>/SASODBCDriversfortheWebInfrastructurePlatformDataServer/9.4/Driver/lib64 to avoid conflicts with other SAS solutions such as SAS^® Cost and Profitability Management. (SAS 9.4M8 LAX only)

Click the Hot Fix tab in this note to access the hot fix for this issue.

Operating System and Release Information

Product Family	Product	System	Product Release		SAS Release
Product Family	Product	System	Reported	Fixed*	Reported	Fixed*
SAS System	SAS Web Infrastructure Platform Data Server	Microsoft® Windows® for x64	9.4_M6	9.4_M7	9.4 TS1M6	9.4 TS1M7
		Microsoft Windows 8 Enterprise 32-bit	9.4_M6	9.4_M7	9.4 TS1M6	9.4 TS1M7
		Microsoft Windows 8 Enterprise x64	9.4_M6	9.4_M7	9.4 TS1M6	9.4 TS1M7
		Microsoft Windows 8 Pro 32-bit	9.4_M6	9.4_M7	9.4 TS1M6	9.4 TS1M7
		Microsoft Windows 8 Pro x64	9.4_M6	9.4_M7	9.4 TS1M6	9.4 TS1M7
		Microsoft Windows 8.1 Enterprise 32-bit	9.4_M6	9.4_M7	9.4 TS1M6	9.4 TS1M7
		Microsoft Windows 8.1 Enterprise x64	9.4_M6	9.4_M7	9.4 TS1M6	9.4 TS1M7
		Microsoft Windows 8.1 Pro 32-bit	9.4_M6	9.4_M7	9.4 TS1M6	9.4 TS1M7
		Microsoft Windows 8.1 Pro x64	9.4_M6	9.4_M7	9.4 TS1M6	9.4 TS1M7
		Microsoft Windows 10	9.4_M6	9.4_M7	9.4 TS1M6	9.4 TS1M7
		Microsoft Windows Server 2008	9.4_M6	9.4_M7	9.4 TS1M6	9.4 TS1M7
		Microsoft Windows Server 2008 R2	9.4_M6	9.4_M7	9.4 TS1M6	9.4 TS1M7
		Microsoft Windows Server 2008 for x64	9.4_M6	9.4_M7	9.4 TS1M6	9.4 TS1M7
		Microsoft Windows Server 2012 Datacenter	9.4_M6	9.4_M7	9.4 TS1M6	9.4 TS1M7
		Microsoft Windows Server 2012 R2 Datacenter	9.4_M6	9.4_M7	9.4 TS1M6	9.4 TS1M7
		Microsoft Windows Server 2012 R2 Std	9.4_M6	9.4_M7	9.4 TS1M6	9.4 TS1M7
		Microsoft Windows Server 2012 Std	9.4_M6	9.4_M7	9.4 TS1M6	9.4 TS1M7
		Microsoft Windows Server 2016	9.4_M6	9.4_M7	9.4 TS1M6	9.4 TS1M7
		Microsoft Windows Server 2019	9.4_M6	9.4_M7	9.4 TS1M6	9.4 TS1M7
		Windows 7 Enterprise 32 bit	9.4_M6	9.4_M7	9.4 TS1M6	9.4 TS1M7
		Windows 7 Enterprise x64	9.4_M6	9.4_M7	9.4 TS1M6	9.4 TS1M7
		Windows 7 Home Premium 32 bit	9.4_M6	9.4_M7	9.4 TS1M6	9.4 TS1M7
		Windows 7 Home Premium x64	9.4_M6	9.4_M7	9.4 TS1M6	9.4 TS1M7
		Windows 7 Professional 32 bit	9.4_M6	9.4_M7	9.4 TS1M6	9.4 TS1M7
		Windows 7 Professional x64	9.4_M6	9.4_M7	9.4 TS1M6	9.4 TS1M7
		Windows 7 Ultimate 32 bit	9.4_M6	9.4_M7	9.4 TS1M6	9.4 TS1M7
		Windows 7 Ultimate x64	9.4_M6	9.4_M7	9.4 TS1M6	9.4 TS1M7
		64-bit Enabled AIX	9.4_M6	9.4_M7	9.4 TS1M6	9.4 TS1M7
		64-bit Enabled Solaris	9.4_M6	9.4_M7	9.4 TS1M6	9.4 TS1M7
		HP-UX IPF	9.4_M6	9.4_M7	9.4 TS1M6	9.4 TS1M7
		Linux for x64	9.4_M6	9.4_M7	9.4 TS1M6	9.4 TS1M7
		Solaris for x64	9.4_M6	9.4_M7	9.4 TS1M6	9.4 TS1M7

* For software releases that are not yet generally available, the Fixed Release is the software release in which the problem is planned to be fixed.

Type:	Problem Note
Priority:	high

Date Modified:	2023-10-09 17:10:36
Date Created:	2021-03-29 11:15:14

Support

Problem Note 67666: The SAS® 9.4 ODBC driver for the PostgreSQL database contains a component with known vulnerabilities

Operating System and Release Information