Installation Instructions for Hot Fix R76003
Solaris for x64
Hot fix R76003 addresses issue(s) in SAS Management Console 9.4_M2 on Solaris for x64.
The hot fix downloaded, R76003pt.zip, contains the updated files required to address
the documented issues.
Do NOT extract the contents of R76003pt.zip. The hot fix installation process will extract
the contents as needed.
IMPORTANT NOTES
-
You must have SAS Management Console 9.4_M2 installed on your system before applying this hot fix.
Refer to SN-35968 for instructions on how to determine which product releases you have installed.
-
Files delivered in this hot fix will be backed up during the installation process.
However, it is good general practice to back up your system before applying updates
to software.
-
You must have Administrator Privileges on your CLIENT or SERVER machine.
-
All currently active SAS sessions, daemons, spawners and servers must be terminated
before applying this hot fix.
- This hot fix should be installed using the same userid who performed the initial
software installation.
-
The application of this hotfix enables Cross Site Request Forgery (CSRF) protection by default in the SAS installation, resulting in a change
in previous functionality.
This hotfix enables protections so that requests are rejected which do not originate from sites belonging to a whitelist.The implications of this change are that the SAS installation is secure by default against browser-based CSRF attacks, but also that SAS web applications cannot be linked to from applications external to the SAS installation by default. If you link to a SAS application from a company intranet or portal page that is not hosted in the SAS installation, you will encounter access denied messages when clicking on those links.
CSRF is a type of software attack whereby users are tricked into clicking on links on malicious pages that trigger unintended behavior in another site.
Please see the OWASP Cross Site Request Forgery page for more information on this type of software attack:
CSRF Threat
INSTALLATION
The R76003 hot fix for SAS Management Console 9.4_M2 will be installed using the SAS Deployment Manager.
By default, the SAS Deployment Manager will search in the <SASHOME>/InstallMisc/HotFixes/New directory for hot
fixes to be applied, but will also prompt for a location if you have downloaded hot fixes to a different
directory.
After downloading R76003pt.zip, follow the instructions for applying hot fixes in the
SAS Deployment Wizard and SAS Deployment Manager 9.4: User’s Guide.
The content of this hot fix is listed in the hot fix manifest.
POST-INSTALLATION INSTRUCTIONS
None
This completes the installation of hot fix R76003 on Solaris for x64.
Copyright 2015 SAS Institute Inc. All Rights Reserved.