openSUSE Security Update : go (openSUSE-2016-606)
Medium Nessus Plugin ID 91276
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis go update to version 1.6 fixes the following issues :
Security issues fixed :
- CVE-2016-3959: Infinite loop in several big integer routines (boo#974232)
- CVE-2015-8618: Carry propagation in Int.Exp Montgomery code in math/big library (boo#960151)
Bugs fixed :
- Update to version 1.6 :
- On Linux on little-endian 64-bit PowerPC (linux/ppc64le), Go 1.6 now supports cgo with external linking and is roughly feature complete.
- Vendoring support
- HTTP2 transparent support
- fix gc and gccgo incompatibility regarding embedded unexported struct types containing exported fields
- Linux on 64-bit MIPS and Android on 32-bit x86
- enforced rules for sharing Go pointers with C
- new mechanism for template reuse
- performance improvements ... and more! see more in https://tip.golang.org/doc/go1.6
- Updated to version 1.5.2: This release includes bug fixes to the compiler, linker, and the mime/multipart, net, and runtime packages.
- Updated to version 1.5.1: 	This release includes bug fixes to the go command, the compiler, assembler, and the fmt, net/textproto, net/http, and runtime packages.
- Update to version 1.5 :
- see https://golang.org/doc/go1.5
- install shared stdlib on x86_64
- add go.gdbinit for debug friendly
- Adapt to Leap
- use gcc5-go than go1.4 is the proper requirement for Leap
SolutionUpdate the affected go packages.