Not to be fixed
Created: Oct 18, 2012
Updated: Apr 19, 2018
Resolved Date: Apr 17, 2018
Previous ID: LIN4-19689
Found In Version: 6.0
Severity: Severe
Applicable for: Wind River Linux 6
Component/s: Userspace
Problem Description
======================
OpenSSL adds a redundant and harmful CVE-2009-3555 patch.
Our OpenSSL version is 1.0.0 in wrlinux-4.3; it has the following description:
*) Implement RFC5746. Re-enable renegotiation but require the extension
as needed. Unfortunately, SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
turns out to be a bad idea. It has been replaced by
SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION which can be set with
SSL_CTX_set_options(). This is really not recommended unless you
know what you are doing.
So, the CVE patch is redundant and harmful.
Expected Behavior
======================
No
Observed Behavior
======================
No
Logs(Key error logs)
======================
No
No reproduction steps,
but on reading the code, I found that the function has been replaced by new function code.
So, I confirm the patch is redundant and harmful.