Reference Name: GHOST vulnerability (CVE 2015-0235)
Status: Resolved, patch is available
- 3-31-2015 – A patch is available and recommended
- 1-30-2015 – Initial acknowledgement
Description & Solution
March 31, 2015
A patch is now available for SAS® University Edition. Unless the user has made specific alterations to the SAS University Edition vApp that was downloaded, the vulnerability is minimal. However, SAS recommends that all users apply the latest update to their existing SAS University Edition vApp.
For more information, see How do I update the SAS University Edition vApp?.
January 30, 2015
SAS is aware of the GHOST vulnerability involving a weakness in the Linux glibc library that was announced January 27, 2015 (CVE 2015-0235). We are taking steps to ensure our servers are protected from attacks. We are also evaluating our portfolio of products so that we can recommend an appropriate course of action, if necessary.
We continue to encourage SAS customers who are working with an operating system vendor external to SAS to consult that vendor for any patches that have been made available.
We will continue to update this bulletin as we have more information to share with our customers. Bookmark this page and check back for updated information.