MIR for intel-ipsec-mb
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
intel-ipsec-mb (Ubuntu) |
Invalid
|
Medium
|
Ubuntu Security Team | ||
Cosmic |
Invalid
|
Medium
|
Ubuntu Security Team | ||
Eoan |
Invalid
|
Medium
|
Ubuntu Security Team |
Bug Description
[ Ignore the Nominate for Bionic, that's not required ]
== Overview ==
Intel Multi-Buffer Crypto for IPsec Library is highly-optimized
software implementations of the core cryptographic processing for IPsec,
which provides industry-leading performance on a range of Intel(R) Processors.
For information on how to build and use this library, see the
Intel White Paper:
"Fast Multi-buffer IPsec Implementations on Intel Architecture Processors".
Jim Guilford, Sean Gulley, et. al.
== Answers to UbuntuMainInclu
= Requirements =
1. Availability
Package is in universe: https:/
2. Rationale
Intel-ipsec-mb is useful for projects that require core IPsec cryptographic processing
that is highly optimized and performant on x86-64 processors. Projects such as
DPDK (https:/
3. Security:
No security issues exposed so far. However, the tools have only been in Ubuntu since
early Mar 2018, so this currently a several weeks over the 90 days threshold.
4. Quality assurance:
* Manual is provided
* No debconf questions higher than medium
* No outstanding bugs. I'm also helping Intel fix issues that I'm finding with
static analysis tools such as scan-build, cppcheck and CoverityScan,
see: https:/
* Exotic Hardware: x86-64 support only, since this is hand optimized for this
specific architecture.
* No Test Suite shipped with the package
* Does not rely on obsolete or demoted packages
5. UI standards:
* This is a CLI tool. Tool has normal CLI style short help and man pages
* No desktop file required as it is a CLI tool.
6. Binary Dependencies:
* None
7. Standards compliance:
lintian clean and meets the FHS + Debian Policy standards to the best of my knowledge
8. Maintenance
* Package owning team: The Ubuntu Kernel Team
* Debian package maintained by Colin Ian King (myself from the Kernel Team)
9. Background Information
This provides an optimized IPSEC multiblock library.
Search in the National Vulnerability Database using the package as a keyword
* No CVEs found
http://
* No security advisories found
Ubuntu CVE Tracker
http://
* No
http://
* No
http://
* No
Check for security relevant binaries. If any are present, this
requires a more in-depth security review.
Executables which have the suid or sgid bit set.
* No.
Executables in /sbin, /usr/sbin.
* None in these paths, it's a library
Packages which install daemons (/etc/init.d/*)
* No
Packages which open privileged ports (ports < 1024).
* No
Add-ons and plugins to security-sensitive software (filters,
scanners, UI skins, etc)
* None
Changed in intel-ipsec-mb (Ubuntu): | |
importance: | Undecided → Medium |
description: | updated |
Changed in intel-ipsec-mb (Ubuntu): | |
milestone: | none → ubuntu-18.10 |
Changed in intel-ipsec-mb (Ubuntu Cosmic): | |
assignee: | nobody → Ubuntu Security Team (ubuntu-security) |
Christian Ehrhardt (paelzer) also emailed me with this comment:
"one need that I know about is that DPDK will grow a dependency on intel-ipsec-mb to support their offloads. DPDK is in MAIN and this would be a component mismatch, therefore I'm glad to hear that you planned to file a MIR anyway.
This also gives it sort of a minimum timeframe - I'll need that for DPDK 18.11 which should show up in 19.04 around November/December this year - if until then the MIR on this could be done that would be great."