Installation Instructions for Hot Fix R76003

Solaris for x64


Hot fix R76003 addresses issue(s) in SAS Management Console 9.4_M2 on Solaris for x64.


The hot fix downloaded, R76003pt.zip, contains the updated files required to address the documented issues.
Do NOT extract the contents of R76003pt.zip. The hot fix installation process will extract the contents as needed.


IMPORTANT NOTES

  1. You must have SAS Management Console 9.4_M2 installed on your system before applying this hot fix. Refer to SN-35968 for instructions on how to determine which product releases you have installed.

  2. Files delivered in this hot fix will be backed up during the installation process. However, it is good general practice to back up your system before applying updates to software.

  3. You must have Administrator Privileges on your CLIENT or SERVER machine.

  4. All currently active SAS sessions, daemons, spawners and servers must be terminated before applying this hot fix.

  5. This hot fix should be installed using the same userid who performed the initial software installation.

  6. The application of this hotfix enables Cross Site Request Forgery (CSRF) protection by default in the SAS installation, resulting in a change in previous functionality. This hotfix enables protections so that requests are rejected which do not originate from sites belonging to a whitelist.The implications of this change are that the SAS installation is secure by default against browser-based CSRF attacks, but also that SAS web applications cannot be linked to from applications external to the SAS installation by default. If you link to a SAS application from a company intranet or portal page that is not hosted in the SAS installation, you will encounter access denied messages when clicking on those links. CSRF is a type of software attack whereby users are tricked into clicking on links on malicious pages that trigger unintended behavior in another site. Please see the OWASP Cross Site Request Forgery page for more information on this type of software attack: CSRF Threat


INSTALLATION

The R76003 hot fix for SAS Management Console 9.4_M2 will be installed using the SAS Deployment Manager. By default, the SAS Deployment Manager will search in the <SASHOME>/InstallMisc/HotFixes/New directory for hot fixes to be applied, but will also prompt for a location if you have downloaded hot fixes to a different directory.

After downloading R76003pt.zip, follow the instructions for applying hot fixes in the SAS Deployment Wizard and SAS Deployment Manager 9.4: User’s Guide.

The content of this hot fix is listed in the hot fix manifest.


POST-INSTALLATION INSTRUCTIONS

None



This completes the installation of hot fix R76003 on Solaris for x64.

Copyright 2015 SAS Institute Inc. All Rights Reserved.