epower
Quartz | Level 8

Am I missing a place to stay up to date on release information? I was even manually going through hotfix announcements, and everything is around Viya and not touching 9.4.

Anyone have insights? This is just a sliver of the security findings I'm having to deal with, and there seem to be no fixes, and M8 won't be available now until the end of the year...

Path              : /opt/local/sas/sas94/SASHome/SASWebServer/9.4/httpd-2.4.43/bin/httpd
  Installed version : 2.4.43
  Fixed version     : 2.4.46
CVE-2020-11984 CVE-2020-11993 CVE-2020-9490

Path              : /opt/local/sas/sas94/SASHome/SASWebServer/9.4/httpd-2.4.43/bin/httpd
  Installed version : 2.4.43
  Fixed version     : 2.4.47
CVE-2019-17567 CVE-2020-13938 CVE-2020-13950 CVE-2020-35452 CVE-2021-26690 CVE-2021-26691 CVE-2021-30641 
8 REPLIES
epower
Quartz | Level 8

Thanks for the response. Looks like it does help, but still pretty old if that's the latest update.

Path              : /opt/local/sas/sas94/SASHome/SASWebServer/9.4/httpd-2.4.43/bin/httpd
  Installed version : 2.4.43
  Fixed version     : 2.4.52
CVE-2021-44224 CVE-2021-44790 
alexal
SAS Employee
Contact SAS Technical Support if you have any concerns.

https://www.sas.com/en_us/contact/technical-support.html
gwootton
SAS Super FREQ
SAS security updates can be found here:

https://support.sas.com/en/security-bulletins.html

The "SAS Security Update for SAS 9.4 Mx" (where x is your maintenance release) specifically might be of interest to you.
--
Greg Wootton | Principal Systems Technical Support Engineer
epower
Quartz | Level 8

This is kind of my point... If you look there, you see they barely have anything. They speak about Log4j and that's about it.

Kurt_Bremser
Super User

In my opinion, SAS (and their partner who provides httpd and Tomcat) are EXTREMELY sloppy with security updates for Apache and Tomcat. These should have their own hotfix downloads, and these hotfixes have to be available at max a week (or so, the quicker, the better) after being issued by the Apache Foundation themselves.

We had fewer security hassles when we used our own http/tomcat/boss.

gwootton
SAS Super FREQ
The SAS Security Update for 9.4 M7 December release addresses 32 additional CVEs to the September release.

https://support.sas.com/content/support/en/security-bulletins/SAS-security-update-for-SAS94M7-TS1M7....
--
Greg Wootton | Principal Systems Technical Support Engineer
