Providing software solutions since 1976


Updates for Java Deserialization Vulnerability

 

The following downloads address the Java Deserialization Vulnerability as described on SAS Statement Regarding the Java Deserialization Vulnerability.

This page contains a security update and the hot fixes necessary to address the Java deserialization vulnerability. Before attempting to apply the security update or hot fixes on this page, read Addressing the Java Deserialization Vulnerability for SAS Software (sas-security-update-2016-02.pdf) in its entirety. This PDF describes the steps in the order they should be taken to update your SAS software.


SAS Security Update 2016-02

All Hosts Released: May 4, 2016     Documentation: sas-security-update-2016-02.pdf       Download: sas-security-update-2016-02.zip  

The SAS Security Update 2016-02 may be applied to any SAS Installation running SAS 9.4 regardless of maintenance release.

IMPORTANT (1): If you downloaded a SAS 9.4_M3 order for Ship Event 16w17 or later (after June 1, 2016), the fixes in SAS Security Update 2016-02 are included in your order. You do not need to run sas-security-update-2016-02.


Hot Fix Y09002 - Supplemental Hot Fix for SAS Security Update 2016-02

All Hosts Released: May 4, 2016     Documentation: Y09002pt.pdf      Download: Y09002pt.zip  

IMPORTANT (1): SAS Security Update 2016-02 (see above) must be applied before installing Y09002.

IMPORTANT (2): Please review Y09002pt.pdf to see the list of SAS Products that will be updated by Y09002. See SASNote 35968 for information on how to determine if you have these products installed as part of your SAS deployment.

IMPORTANT (3): If you downloaded a SAS 9.4_M3 order after April 28, 2016, the fixes in Y09002 are included in your order. You do not need to run Y09002.


Hot Fix V77007 for SAS Web Server 9.4_M3

Windows for x64 Released: June 5, 2016      Documentation: V77007x6.html D       Download: V77007pt.zip  
64-bit Enabled Solaris Released: June 5, 2016      Documentation: V77007s6.html D       Download: V77007pt.zip  
64-bit Enabled AIX Released: June 5, 2016      Documentation: V77007r6.html D       Download: V77007pt.zip  
HP-UX IPF Released: June 5, 2016      Documentation: V77007hx.html D       Download: V77007pt.zip  
Linux for x64 Released: June 5, 2016      Documentation: V77007la.html D       Download: V77007pt.zip  
Solaris for x64 Released: June 5, 2016      Documentation: V77007sx.html D       Download: V77007pt.zip  

D indicates that the Documentation has special pre-installation, post-installation or other unique instructions not commonly used for hot fix deployment.

IMPORTANT: Please review the V77007 - SAS Web Server 9.4_M3 Hot Fix Download Page for a list of additional issues addressed by hot fix V77007.


Hot Fix S47006 for SAS Web Server 9.4_M2

Windows for x64 Released: June 1, 2016      Documentation: S47006x6.html D       Download: S47006pt.zip  
64-bit Enabled Solaris Released: June 1, 2016      Documentation: S47006s6.html D       Download: S47006pt.zip  
64-bit Enabled AIX Released: June 1, 2016      Documentation: S47006r6.html D       Download: S47006pt.zip  
HP-UX IPF Released: June 1, 2016      Documentation: S47006hx.html D       Download: S47006pt.zip  
Linux for x64 Released: June 1, 2016      Documentation: S47006la.html D       Download: S47006pt.zip  
Solaris for x64 Released: June 1, 2016      Documentation: S47006sx.html D       Download: S47006pt.zip  

D indicates that the Documentation has special pre-installation, post-installation or other unique instructions not commonly used for hot fix deployment.

IMPORTANT: Please review the S47006 - SAS Web Server 9.4_M2 Hot Fix Download Page for a list of additional issues addressed by hot fix S47006.


Hot Fix S48005 for SAS Web Server 9.4_M1

Windows for x64 Released: June 10, 2016      Documentation: S48005x6.html D       Download: S48005pt.zip  
64-bit Enabled Solaris Released: June 10, 2016      Documentation: S48005s6.html D       Download: S48005pt.zip  
64-bit Enabled AIX Released: June 10, 2016      Documentation: S48005r6.html D       Download: S48005pt.zip  
HP-UX IPF Released: June 10, 2016      Documentation: S48005hx.html D       Download: S48005pt.zip  
Linux for x64 Released: June 10, 2016      Documentation: S48005la.html D       Download: S48005pt.zip  
Solaris for x64 Released: June 10, 2016      Documentation: S48005sx.html D       Download: S48005pt.zip  

D indicates that the Documentation has special pre-installation, post-installation or other unique instructions not commonly used for hot fix deployment.

IMPORTANT: Please review the S48005 - SAS Web Server 9.4_M1 Hot Fix Download Page for a list of additional issues addressed by hot fix S48005.


Hot Fix S46004 for SAS Web Server 9.4_M0

Windows for x64 Released: June 15, 2016      Documentation: S46004x6.html D       Download: S46004pt.zip  
64-bit Enabled Solaris Released: June 15, 2016      Documentation: S46004s6.html D       Download: S46004pt.zip  
64-bit Enabled AIX Released: June 15, 2016      Documentation: S46004r6.html D       Download: S46004pt.zip  
HP-UX IPF Released: June 15, 2016      Documentation: S46004hx.html D       Download: S46004pt.zip  
Linux for x64 Released: June 15, 2016      Documentation: S46004la.html D       Download: S46004pt.zip  
Solaris for x64 Released: June 15, 2016      Documentation: S46004sx.html D       Download: S46004pt.zip  

D indicates that the Documentation has special pre-installation, post-installation or other unique instructions not commonly used for hot fix deployment.

IMPORTANT: Please review the S46004 - SAS Web Server 9.4_M0 Hot Fix Download Page for a list of additional issues addressed by hot fix S46004.


PLEASE CAREFULLY READ THE TERMS AND CONDITIONS OF THIS LICENSE AGREEMENT ("AGREEMENT") BEFORE DOWNLOADING MATERIALS FROM THIS SITE. BY DOWNLOADING ANY MATERIALS FROM THIS SITE, YOU ARE AGREEING TO THESE TERMS.
You are downloading software code ("Code") which will become part of a product ("Software") you currently have licensed from SAS Institute Inc. or one of its subsidiaries ("the Institute"). This Code is designed to either correct an error in the Software or to add functionality to the Software. The code is governed by the same agreement which governs the Software. If you do not have an existing agreement with the Institute governing the Software, you may not download the Code.
SAS and all other SAS Institute Inc. product or service names are registered trademarks or trademarks of SAS Institute Inc. in the USA and other countries. ® indicates USA registration. Other brand and product names are registered trademarks or trademarks of their respective companies.
Copyright © 2016 SAS Institute Inc. All Rights Reserved.