openSUSE Security Update : go (openSUSE-2016-907)
High Nessus Plugin ID 92596
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update for go fixes the following issues :
- CVE-2015-5739: 'Content Length' treated as valid header
- CVE-2015-5740: Double content-length headers does not return 400 error
- CVE-2015-5741: Additional hardening, not sending Content-Length w/Transfer-Encoding, Closing connections
Go was updated to 1.4.3 with the following additional changes :
- build: remove -Werror from cmd/dist
- runtime: panic when accessing an empty struct value appended to an uninitialized slice
- runtime: garbage collector found invalid heap pointer iterating over map
SolutionUpdate the affected go packages.