Description of the patch:
This update for kubevirt-1.6 fixes the following issues
Update to version 1.6.6, fixes various go embedded security issues:
- CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents
(bsc#1251420).
- CVE-2025-47913: golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in
response to a key listing or signing request (bsc#1253559).
- CVE-2025-47914: golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds
read (bsc#1254014).
- CVE-2025-58181: golang.org/x/crypto/ssh: invalidated number of mechanisms can cause unbounded memory consumption
(bsc#1253935).
- CVE-2025-58190: golang.org/x/net/html: excessive memory consumption by
html.ParseFragment when processing specially
crafted input (bsc#1251615).
- CVE-2026-7374: virt-handler: Privilege escalation and node compromise via symlink following vulnerability
(bsc#1265467).
- CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-
header (bsc#1260234).
Release notes: https://github.com/kubevirt/kubevirt/releases/tag/v1.6.6