openSUSE Security Update : go (openSUSE-2016-907)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for go fixes the following issues :

- CVE-2015-5739: 'Content Length' treated as valid header

- CVE-2015-5740: Double content-length headers does not
return 400 error

- CVE-2015-5741: Additional hardening, not sending
Content-Length w/Transfer-Encoding, Closing connections

Go was updated to 1.4.3 with the following additional changes :

- build: remove -Werror from cmd/dist

- runtime: panic when accessing an empty struct value
appended to an uninitialized slice

- runtime: garbage collector found invalid heap pointer
iterating over map

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=989630

Solution :

Update the affected go packages.

Risk factor :

Medium

Family: SuSE Local Security Checks

Nessus Plugin ID: 92596 ()

Bugtraq ID:

CVE ID: CVE-2015-5739
CVE-2015-5740
CVE-2015-5741

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now