Security update for go
This update for go fixes the following issues:
- CVE-2015-5739: "Content Length" treated as valid header
- CVE-2015-5740: Double content-length headers does not return 400 error
- CVE-2015-5741: Additional hardening, not sending Content-Length w/Transfer-Encoding, Closing connections
Go was updated to 1.4.3 with the following additional changes:
- build: remove -Werror from cmd/dist
- runtime: panic when accessing an empty struct value appended to an uninitialized slice
- runtime: garbage collector found invalid heap pointer iterating over map
- Submitted by Marguerite Su (MargueriteSu)
Fixed bugs
bnc#989630
VUL-0: CVE-2015-5739,CVE-2015-5740,CVE-2015-5741: go: HTTP request smuggling in net/http library