Description of the patch:
This update for google-guest-agent fixes the following issues
Security issues:
- CVE-2026-39821: Update golang.org/x/net/idna dependency (bsc#1266603).
- CVE-2026-39827: Update golang.org/x/crypto dependency (bsc#1266171).
- CVE-2026-39828: Update golang.org/x/crypto dependency (bsc#1266171).
- CVE-2026-39829: Update golang.org/x/crypto dependency (bsc#1266171).
- CVE-2026-39830: Update golang.org/x/crypto dependency (bsc#1266171).
- CVE-2026-39831: Update golang.org/x/crypto dependency (bsc#1266171).
- CVE-2026-39832: Update golang.org/x/crypto dependency (bsc#1266171).
- CVE-2026-39833: Update golang.org/x/crypto dependency (bsc#1266171).
- CVE-2026-39834: Update golang.org/x/crypto dependency (bsc#1266171).
- CVE-2026-39835: Update golang.org/x/crypto dependency (bsc#1266171).
- CVE-2026-42508: Update golang.org/x/crypto dependency (bsc#1266171).
- CVE-2026-46595: Update golang.org/x/crypto dependency (bsc#1266171).
- CVE-2026-46597: Update golang.org/x/crypto dependency (bsc#1266171).
- CVE-2026-46598: Update golang.org/x/crypto dependency (bsc#1266171).
- CVE-2023-45288: golang.org/x/net/http2: close connections when receiving too many headers (bsc#1236533).
- CVE-2024-45337: golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in
golang.org/x/crypto (bsc#1234563).
- CVE-2025-22869: golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh
(bsc#1239334).
- CVE-2025-58181: golang.org/x/crypto/ssh: invalidated number of mechanisms can cause unbounded memory consumption
(bsc#1253889).
- CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-
header (bsc#1260264).
- CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE
(bsc#1265762).
- CVE-2026-34986: github.com/go-jose/go-jose/v4: crafted JWE input with a missing encrypted key can...