This update addresses a security issue affecting code statically linked with go:

- CVE-2016-5386: A remote attacker could set the HTTP_PROXY environment variable via Proxy header (bsc#988487)