Merge pull request #621 from dm0-/glsa

bump(metadata/glsa): sync with upstream
2025-08-17 18:06:59 +02:00 · 2017-11-11 23:13:22 -05:00 · 2017-11-11 23:13:22 -05:00 · 347a77161c
commit 347a77161c
parent 5bd3d43f57 f6b720db55
11 changed files with 741 additions and 2 deletions
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201711-02.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201711-02.xml
@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201711-02">
+  <title>Chromium, Google Chrome: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Chromium and Google
+    Chrome, the worst of which could result in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">chromium,google-chrome</product>
+  <announced>2017-11-10</announced>
+  <revised>2017-11-10: 2</revised>
+  <bug>635556</bug>
+  <bug>636800</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">62.0.3202.89</unaffected>
+      <vulnerable range="lt">62.0.3202.89</vulnerable>
+    </package>
+    <package name="www-client/google-chrome" auto="yes" arch="*">
+      <unaffected range="ge">62.0.3202.89</unaffected>
+      <vulnerable range="lt">62.0.3202.89</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+    
+    <p>Google Chrome is one fast, simple, and secure browser for all your
+      devices
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium and Google
+      Chrome. Please review the referenced CVE identifier and Google Chrome
+      Releases for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attack may be able to execute arbitrary code, cause a Denial of
+      Service condition, or have other unspecified impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-62.0.3202.89"
+    </code>
+    
+    <p>All Google Chrome users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/google-chrome-62.0.3202.89"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15396">
+      CVE-2017-15396
+    </uri>
+    <uri link="https://chromereleases.googleblog.com/2017/11/stable-channel-update-for-desktop.html">
+      Google Chrome Releases
+    </uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15398">
+      CVE-2017-15398
+    </uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15399">
+      CVE-2017-15399
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-10-29T17:15:37Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-11-10T16:09:08Z">b-man</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201711-03.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201711-03.xml
@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201711-03">
+  <title>hostapd and wpa_supplicant: Key Reinstallation (KRACK) attacks</title>
+  <synopsis>A flaw was discovered in the 4-way handshake in hostapd and
+    wpa_supplicant that allows attackers to conduct a Man in the Middle attack.
+  </synopsis>
+  <product type="ebuild">hostapd,wpa_supplicant</product>
+  <announced>2017-11-10</announced>
+  <revised>2017-11-10: 1</revised>
+  <bug>634436</bug>
+  <bug>634438</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-wireless/hostapd" auto="yes" arch="*">
+      <unaffected range="ge">2.6-r1</unaffected>
+      <vulnerable range="lt">2.6-r1</vulnerable>
+    </package>
+    <package name="net-wireless/wpa_supplicant" auto="yes" arch="*">
+      <unaffected range="ge">2.6-r3</unaffected>
+      <vulnerable range="lt">2.6-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>wpa_supplicant is a WPA Supplicant with support for WPA and WPA2 (IEEE
+      802.11i / RSN). hostapd is a user space daemon for access point and
+      authentication servers.
+    </p>
+  </background>
+  <description>
+    <p>WiFi Protected Access (WPA and WPA2) and it’s associated technologies
+      are all vulnerable to the KRACK attacks. Please review the referenced CVE
+      identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker can carry out the KRACK attacks on a wireless network in
+      order to gain access to network clients. Once achieved, the attacker can
+      potentially harvest confidential information (e.g. HTTP/HTTPS), inject
+      malware, or perform a myriad of other attacks.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All hostapd users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-wireless/hostapd-2.6-r1"
+    </code>
+    
+    <p>All wpa_supplicant users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=net-wireless/wpa_supplicant-2.6-r3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13077">
+      CVE-2017-13077
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13078">
+      CVE-2017-13078
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13079">
+      CVE-2017-13079
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13080">
+      CVE-2017-13080
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13081">
+      CVE-2017-13081
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13082">
+      CVE-2017-13082
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13084">
+      CVE-2017-13084
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13086">
+      CVE-2017-13086
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13087">
+      CVE-2017-13087
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13088">
+      CVE-2017-13088
+    </uri>
+    <uri link="https://www.krackattacks.com/">KRACK Attacks Website</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-10-26T21:01:58Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-11-10T22:39:05Z">b-man</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201711-04.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201711-04.xml
@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201711-04">
+  <title>MariaDB, MySQL: Root privilege escalation</title>
+  <synopsis>A vulnerability was discovered in MariaDB and MySQL which may allow
+    local users to gain root privileges.
+  </synopsis>
+  <product type="ebuild">mariadb,mysql</product>
+  <announced>2017-11-10</announced>
+  <revised>2017-11-10: 1</revised>
+  <bug>635704</bug>
+  <bug>635706</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/mariadb" auto="yes" arch="*">
+      <unaffected range="ge">10.0.30-r1</unaffected>
+      <vulnerable range="lt">10.0.30-r1</vulnerable>
+    </package>
+    <package name="dev-db/mysql" auto="yes" arch="*">
+      <unaffected range="ge">5.6.36-r1</unaffected>
+      <vulnerable range="lt">5.6.36-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>MySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an
+      enhanced, drop-in replacement for MySQL.
+    </p>
+  </background>
+  <description>
+    <p>The Gentoo installation scripts before 2017-09-29 have chown calls for
+      user-writable directory trees, which allows local users to gain
+      privileges by leveraging access to the mysql account for creation of a
+      link.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could escalate privileges to root.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All MariaDB users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/mariadb-10.0.30-r1"
+    </code>
+    
+    <p>All MySQL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/mysql-5.6.36-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15945">
+      CVE-2017-15945
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-10-28T18:23:53Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-11-10T22:46:58Z">b-man</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201711-05.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201711-05.xml
@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201711-05">
+  <title>X.Org Server: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in X.Org Server, the worst
+    of which could allow an attacker to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">xorg-server</product>
+  <announced>2017-11-10</announced>
+  <revised>2017-11-10: 1</revised>
+  <bug>635974</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-base/xorg-server" auto="yes" arch="*">
+      <unaffected range="ge">1.19.5</unaffected>
+      <vulnerable range="lt">1.19.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The X.Org project provides an open source implementation of the X Window
+      System.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in X.Org Server. Please
+      review the referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Attackers could execute arbitrary code or cause a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is now know workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All X.Org Server users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-base/xorg-server-1.19.5"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12176">
+      CVE-2017-12176
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12177">
+      CVE-2017-12177
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12178">
+      CVE-2017-12178
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12179">
+      CVE-2017-12179
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12180">
+      CVE-2017-12180
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12181">
+      CVE-2017-12181
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12182">
+      CVE-2017-12182
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12183">
+      CVE-2017-12183
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-11-10T01:36:08Z">jmbailey</metadata>
+  <metadata tag="submitter" timestamp="2017-11-10T23:06:09Z">jmbailey</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201711-06.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201711-06.xml
@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201711-06">
+  <title>GNU Wget: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Wget, the worst of
+    which could allow remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">wget</product>
+  <announced>2017-11-11</announced>
+  <revised>2017-11-11: 1</revised>
+  <bug>635496</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/wget" auto="yes" arch="*">
+      <unaffected range="ge">1.19.1-r2</unaffected>
+      <vulnerable range="lt">1.19.1-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GNU Wget is a free software package for retrieving files using HTTP,
+      HTTPS and FTP, the most widely-used Internet protocols.
+    </p>
+    
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Wget. Please review the
+      referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to connect to a malicious server,
+      could remotely execute arbitrary code or cause a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Wget users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/wget-1.19.1-r2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13089">
+      CVE-2017-13089
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13090">
+      CVE-2017-13090
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-11-10T01:10:29Z">jmbailey</metadata>
+  <metadata tag="submitter" timestamp="2017-11-11T13:50:38Z">jmbailey</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201711-07.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201711-07.xml
@ -0,0 +1,195 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201711-07">
+  <title>ImageMagick: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in ImageMagick, the worst
+    of which may allow remote attackers to cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">imagemagick</product>
+  <announced>2017-11-11</announced>
+  <revised>2017-11-11: 1</revised>
+  <bug>626454</bug>
+  <bug>626906</bug>
+  <bug>627036</bug>
+  <bug>628192</bug>
+  <bug>628490</bug>
+  <bug>628646</bug>
+  <bug>628650</bug>
+  <bug>628700</bug>
+  <bug>628702</bug>
+  <bug>629354</bug>
+  <bug>629482</bug>
+  <bug>629576</bug>
+  <bug>629932</bug>
+  <bug>630256</bug>
+  <bug>630458</bug>
+  <bug>630674</bug>
+  <bug>635200</bug>
+  <bug>635664</bug>
+  <bug>635666</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-gfx/imagemagick" auto="yes" arch="*">
+      <unaffected range="ge">6.9.9.20</unaffected>
+      <vulnerable range="lt">6.9.9.20</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A collection of tools and libraries for many image formats.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in ImageMagick. Please
+      review the referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers, by enticing a user to process a specially crafted
+      file, could obtain sensitive information, cause a Denial of Service
+      condition, or have other unspecified impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ImageMagick users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-gfx/imagemagick-6.9.9.20"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11640">
+      CVE-2017-11640
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11724">
+      CVE-2017-11724
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12140">
+      CVE-2017-12140
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12418">
+      CVE-2017-12418
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12427">
+      CVE-2017-12427
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12691">
+      CVE-2017-12691
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12692">
+      CVE-2017-12692
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12693">
+      CVE-2017-12693
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12876">
+      CVE-2017-12876
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12877">
+      CVE-2017-12877
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12983">
+      CVE-2017-12983
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13058">
+      CVE-2017-13058
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13059">
+      CVE-2017-13059
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13060">
+      CVE-2017-13060
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13061">
+      CVE-2017-13061
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13062">
+      CVE-2017-13062
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13131">
+      CVE-2017-13131
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13132">
+      CVE-2017-13132
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13133">
+      CVE-2017-13133
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13134">
+      CVE-2017-13134
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13139">
+      CVE-2017-13139
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13140">
+      CVE-2017-13140
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13141">
+      CVE-2017-13141
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13142">
+      CVE-2017-13142
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13143">
+      CVE-2017-13143
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13144">
+      CVE-2017-13144
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13145">
+      CVE-2017-13145
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13146">
+      CVE-2017-13146
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13758">
+      CVE-2017-13758
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13768">
+      CVE-2017-13768
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13769">
+      CVE-2017-13769
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14060">
+      CVE-2017-14060
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14137">
+      CVE-2017-14137
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14138">
+      CVE-2017-14138
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14139">
+      CVE-2017-14139
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14172">
+      CVE-2017-14172
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14173">
+      CVE-2017-14173
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14174">
+      CVE-2017-14174
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14175">
+      CVE-2017-14175
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14224">
+      CVE-2017-14224
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14248">
+      CVE-2017-14248
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14249">
+      CVE-2017-14249
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15281">
+      CVE-2017-15281
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-10-28T18:03:58Z">jmbailey</metadata>
+  <metadata tag="submitter" timestamp="2017-11-11T14:15:36Z">jmbailey</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201711-08.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201711-08.xml
@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201711-08">
+  <title>LibXfont, LibXfont2: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in LibXfont and Libxfont2,
+    the worst of which could allow attackers to cause a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">libxfont,libxfont2</product>
+  <announced>2017-11-11</announced>
+  <revised>2017-11-11: 1</revised>
+  <bug>634044</bug>
+  <access>local</access>
+  <affected>
+    <package name="x11-libs/libXfont2" auto="yes" arch="*">
+      <unaffected range="ge">2.0.2</unaffected>
+      <vulnerable range="lt">2.0.2</vulnerable>
+    </package>
+    <package name="x11-libs/libXfont" auto="yes" arch="*">
+      <unaffected range="ge">1.5.3</unaffected>
+      <vulnerable range="lt">1.5.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>X.Org Xfont library</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in LibXfont and LibXfont2.
+      Please review the referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Local attackers could obtain sensitive information or possibly cause a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All LibXfont2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-libs/libXfont2-2.0.2"
+    </code>
+    
+    <p>All LibXfont users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-libs/libXfont-1.5.3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13720">
+      CVE-2017-13720
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13722">
+      CVE-2017-13722
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-11-04T15:44:47Z">jmbailey</metadata>
+  <metadata tag="submitter" timestamp="2017-11-11T15:02:42Z">jmbailey</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201711-09.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201711-09.xml
@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201711-09">
+  <title>LXC: Remote security bypass</title>
+  <synopsis>A vulnerability in LXC may lead to an unauthorized security bypass.</synopsis>
+  <product type="ebuild">lxc</product>
+  <announced>2017-11-11</announced>
+  <revised>2017-11-11: 1</revised>
+  <bug>636386</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-emulation/lxc" auto="yes" arch="*">
+      <unaffected range="ge">2.0.7</unaffected>
+      <vulnerable range="lt">2.0.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>LinuX Containers userspace utilities</p>
+  </background>
+  <description>
+    <p>Previous versions of lxc-attach ran a shell or the specified command
+      without allocating a pseudo terminal making it vulnerable to input faking
+      via a TIOCSTI ioctl call.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers can escape the container and perform unauthorized
+      modifications.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no know workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All LXC users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/lxc-2.0.7"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10124">
+      CVE-2016-10124
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-11-08T15:29:35Z">jmbailey</metadata>
+  <metadata tag="submitter" timestamp="2017-11-11T15:11:34Z">jmbailey</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201711-10.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201711-10.xml
@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201711-10">
+  <title>Cacti: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Cacti, the worst of
+    which could lead to the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">cacti</product>
+  <announced>2017-11-11</announced>
+  <revised>2017-11-11: 1</revised>
+  <bug>607732</bug>
+  <bug>626828</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/cacti" auto="yes" arch="*">
+      <unaffected range="ge" slot="1.1.20">1.1.20</unaffected>
+      <vulnerable range="lt" slot="1.1.20">1.1.20</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Cacti is a complete frontend to rrdtool.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Cacti. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could execute arbitrary code or bypass intended access
+      restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Cacti users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=net-analyzer/cacti-1.1.20:1.1.20"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4000">
+      CVE-2014-4000
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2313">
+      CVE-2016-2313
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12065">
+      CVE-2017-12065
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-11-05T17:08:33Z">jmbailey</metadata>
+  <metadata tag="submitter" timestamp="2017-11-11T19:58:06Z">jmbailey</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk
@ -1 +1 @@
-Fri, 10 Nov 2017 14:38:58 +0000
+Sun, 12 Nov 2017 03:09:03 +0000
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit
@ -1 +1 @@
-4ad72e046fa706e5fe66f5299894eb730f6b5bba 1510281582 2017-11-10T02:39:42+00:00
+711052638906820458ee7059a25ac28c7e04ad40 1510430325 2017-11-11T19:58:45+00:00