Providing software solutions since 1976


Updates for Java Deserialization and Other Security Vulnerabilities

 

The following downloads address the Java Deserialization and Other Security Vulnerabilities as described on SAS Statement Regarding the Java Deserialization Vulnerability.

This page contains a security update and the hot fixes necessary to address Java deserialization and other security vulnerabilities. Before attempting to apply the security update or hot fixes on this page, read Addressing the Java Deserialization Vulnerability for SAS Software (sas-security-update-2017-09.pdf) in its entirety. This PDF describes the steps in the order they should be taken to update your SAS software.


SAS Security Update 2017-09

All Hosts Released: November 20, 2017     Documentation: sas-security-update-2017-09.pdf       Download: sas-security-update-2017-09.zip  
The SAS Security Update 2017-09 may be applied to any SAS Installation running SAS 9.4 regardless of maintenance release.

IMPORTANT:If you downloaded a SAS 9.4_M3 or higher order after November 20, 2017, the fixes in SAS Security Update 2017-09 are included in your order. The SAS Deployment Wizard will install SAS Security Update 2017-09 listed above during your software deployment or update. Customers who have downloaded and applied any SAS Security Update prior to November 20, 2017 should download and apply SAS Security Update 2017-09 to receive the most current security fixes.


Hot Fix Y09005 - Supplemental Hot Fix for SAS Security Update 2017-09

All Hosts Released: November 20, 2017     Documentation: Y09005pt.pdf      Download: Y09005pt.zip  

IMPORTANT (1): SAS Security Update 2017-09 (see above) must be applied before installing Y09005.

IMPORTANT (2): Please review Y09005pt.pdf to see the list of SAS Products that will be updated by Y09005. See SASNote 35968 for information on how to determine if you have these products installed as part of your SAS deployment.

IMPORTANT (3): If you downloaded a SAS Software order after November 20, 2017, and have any of the products listed in Y09005pt.pdf, the fixes in Y09005 are included in your order and will be automatically installed by the SAS Deployment Wizard.


Product Specific Hot Fixes


The SAS Hot Fix Analysis, Download and Deployment Tool (SASHFADD) can be used to identify and download product specific hot fixes for any security vulnerabilities that are applicable for your SAS Deployment. These hot fixes will be identified in the SASHFADD ANALYSIS_ Report by the reference to SASNote 58607.





PLEASE CAREFULLY READ THE TERMS AND CONDITIONS OF THIS LICENSE AGREEMENT ("AGREEMENT") BEFORE DOWNLOADING MATERIALS FROM THIS SITE. BY DOWNLOADING ANY MATERIALS FROM THIS SITE, YOU ARE AGREEING TO THESE TERMS.
You are downloading software code ("Code") which will become part of a product ("Software") you currently have licensed from SAS Institute Inc. or one of its subsidiaries ("the Institute"). this Code is designed to either correct an error in the Software or to add functionality to the Software. The code is governed by the same agreement which governs the Software. If you do not have an existing agreement with the Institute governing the Software, you may not download the Code.
SAS and all other SAS Institute Inc. product or service names are registered trademarks or trademarks of SAS Institute Inc. in the USA and other countries. ® indicates USA registration. Other brand and product names are registered trademarks or trademarks of their respective companies.

Copyright © 2019 SAS Institute Inc. All Rights Reserved.