diff --git a/0001-fix-CVE-2024-4076.patch b/0001-fix-CVE-2024-4076.patch
deleted file mode 100644
index ec90443e5d3a2c7293f243f7e2c9e2f17a1c995f..0000000000000000000000000000000000000000
--- a/0001-fix-CVE-2024-4076.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From 719070491c15fb9879b384d0a725fb0a76686894 Mon Sep 17 00:00:00 2001
-From: PeilinHe
-Date: Wed, 4 Sep 2024 09:43:38 +0000
-Subject: [PATCH] fix CVE-2024-4076
-
----
- CHANGES | 3 +++
- doc/notes/notes-9.18.27.rst | 6 ++++++
- lib/ns/query.c | 1 +
- 3 files changed, 10 insertions(+)
-
-diff --git a/CHANGES b/CHANGES
-index 598feff..2149495 100644
---- a/CHANGES
-+++ b/CHANGES
-@@ -1,4 +1,7 @@
- --- 9.18.27 released ---
-+6375. [security] qctx-zversion was not being cleared when it should have
-+ been leading to an assertion failure if it needed to be
-+ reused. (CVE-2024-4076) [GL #4507]
-
- 6374. [bug] Skip to next RRSIG if signature has expired or is in
- the future rather than failing immediately. [GL #4586]
-diff --git a/doc/notes/notes-9.18.27.rst b/doc/notes/notes-9.18.27.rst
-index ff8c6cc..137c9b3 100644
---- a/doc/notes/notes-9.18.27.rst
-+++ b/doc/notes/notes-9.18.27.rst
-@@ -12,6 +12,12 @@
- Notes for BIND 9.18.27
- ----------------------
-
-+Security Fixes
-+~~~~~~~~~~~~~~
-+- Due to a logic error, lookups that trigger serving stale data and require
-+ lookups in local authoritative zone data may result in an assertion failure.
-+ This has been fixed. :cve:`2024-4076` :gl:`#4507`
-+
- New Features
- ~~~~~~~~~~~~
-
-diff --git a/lib/ns/query.c b/lib/ns/query.c
-index 537d332..be4cbb6 100644
---- a/lib/ns/query.c
-+++ b/lib/ns/query.c
-@@ -5325,6 +5325,7 @@ qctx_freedata(query_ctx_t *qctx) {
- ns_client_releasename(qctx->client, &qctx->zfname);
- dns_db_detachnode(qctx->zdb, &qctx->znode);
- dns_db_detach(&qctx->zdb);
-+ qctx->zversion = NULL;
- }
-
- if (qctx->event != NULL && !qctx->client->nodetach) {
---
-2.25.1
-
diff --git a/bind-9.18.27.tar.xz.asc b/bind-9.18.27.tar.xz.asc deleted file mode 100644 index 4dc535f1f1d75bbc36bf9a104e64eb94f5f9e6ee..0000000000000000000000000000000000000000 --- a/bind-9.18.27.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEEcGtsKGIOdvkdEfffUQpkKgbFLOwFAmY6DEcACgkQUQpkKgbF -LOwbQQ/7B3netZ0er8j5iMfTsalXKrgdTafhwN5SEQdZuxWKFBiuGZmydiDUqr9i -YMyAhpsf3+uHGtvn5NeDkp2J+RDwZW5qqv+o+cjTVso0VbrzRmnhkSXagV1++10i -rZtHNGp4cFXU6nSXczsWSPhE51vKCvMxqA0xPONRpnczto8yw+GYhgaoCeOdO0Y9 -k+ZoeUgVyEK4KGg60RvxqEchA7T883BZD9zUCr1/E9DwTqUAe22CfQ6j6IXIq5Cl -cFYqgy1AcG+YvVFhwaA0PPBW+b+RevXW7FRILQ/oELwyjZrMjS+3Z0uATPy7AjL+ -Zkh22BPsAQebSsUAbX6p59I8XyxzdxJwMXSC/jYaIhknFLvC4v6L3QlGOpY7DviD -v03n6a2n0PdXdm1WzbG8S+hcVNrlzXqaYT4HAFjrBpTWvvRP3+JXel7OLSRDDuyQ -J5Y6nZiMLnhAmN2QfqM5vFXHgEACN8zHC1vYoPdmMScWFiW1d48Q4RKvY1oVmSJZ -c/4ZCqZMOZXbe+6gvYO8xJXBTveX/inS4no05JNork2s7gkr/hcGk2NDly8+yTIx -STdiOHtcKyuv0YV1yfY5WFN9i0nHQsbrcpsmWVNyX/zqle3Qjg4d4zBhqUryDDX6 -XaIE7cWt26h98U4Hzx1Iq9jhnlqERUY+AX+8w1q2zZ2VjXKcNV8= -=YjPE ------END PGP SIGNATURE----- diff --git a/bind-9.18.27.tar.xz b/bind-9.18.28.tar.xz similarity index 43% rename from bind-9.18.27.tar.xz rename to bind-9.18.28.tar.xz index ab7f08c0ad6ddd7f12ac643b76d004f779f0e55e..df7ea7ff417708a7ef8750f479caf567d5b7b96f 100644 Binary files a/bind-9.18.27.tar.xz and b/bind-9.18.28.tar.xz differ diff --git a/bind-9.18.28.tar.xz.asc b/bind-9.18.28.tar.xz.asc new file mode 100644 index 0000000000000000000000000000000000000000..3c11d42a4812256257f6d63c6b17c4e53aa62edf --- /dev/null +++ b/bind-9.18.28.tar.xz.asc 
@@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEcGtsKGIOdvkdEfffUQpkKgbFLOwFAmaNOycACgkQUQpkKgbF +LOzpUhAAlPQdWnR29yRHE1uCULm5AaLK6mrneUqhLYNWCvuMjNjyQrhxlyv6YUYQ +RVpFoIiE6eeJ1LRpviEIbaMdRVUNc8GahsPz4kaiYrYo4pXTzEDE4UwRJy4Ed2vB +Pk7UYb8IHtl0BkmTixC4N244nzy9TctoGX/K2d0dhPonlM5pxjezg/qQkSpJDjgi +ZW5CJjocr9DClUIy7oGUOh3ywScfgHZRUndj1rMjmPdgZ2EuGXhgUemFy2kxxE9I +9juSMqNlpw1XOyjWoaMWQfIQXty2dWrVfoH3cm9Fw1SaO2jQkiFvhE33UxdneKGk +yGEaS7iYd1tV3zJejBiAcMHHqIdtCUDHqF3oXraL3C3XNGgdvLLL0ZsoAsRIjYDS +YqjKMJ1eYHItOroIsu7ZgWR6W+tCclEok8vl4QhFNqxMqcj7swYd3uFaVstKVWso +w4ReTHnZ5hPVyPaCiSDpkHBp9+L0IWSaZVho4RcnOw1DydEzSDjukebPE7V9Ss/A +OIHH8PWBW0kPPbhKgF33hTTP7rkazA6Jl6wQzq61dUicJmCOqnjfK3AHBotC8NgC +kJArXMFkQbv4ps+HmNc2rbW0tOIdT/r9yGpnTp8+y0XZ9H6Ft8UTZw/nM8vWeO9E +acRULmjDCqC3v5UFXiDcJdxwJzEj6F/VRm/G/+bQSwqzDncUWak= +=K3Mi +-----END PGP SIGNATURE----- diff --git a/bind.spec b/bind.spec index d6f83542cc4f781c36f003e1b9bf952c5994441d..24e4c8e52540c5e7ffa0cd2e9ce8884a97361a26 100644 --- a/bind.spec +++ b/bind.spec @@ -1,4 +1,4 @@ -%define anolis_release 2 +%define anolis_release 1 %bcond_with SYSTEMTEST %bcond_without GSSTSIG @@ -30,7 +30,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server Name: bind License: MPLv2.0 -Version: 9.18.27 +Version: 9.18.28 Release: %{anolis_release}%{?dist} Epoch: 32 Url: https://www.isc.org/downloads/bind/ @@ -63,7 +63,6 @@ Source48: setup-named-softhsm.sh Source49: named-chroot.files # Common patches -Patch0: 0001-fix-CVE-2024-4076.patch %{?systemd_ordering} Requires: coreutils @@ -869,6 +868,10 @@ fi; %endif %changelog +* Tue Oct 08 2024 Kaiqiang Wang - 32:9.18.28-1 +- update to 9.18.28 +- fix CVE-2024-1975 CVE-2024-1737 + * Thu Sep 04 2024 Peilin He - 32:9.18.27-2 - fix CVE-2024-4076
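Review bot: The `-Patch0: 0001-fix-CVE-2024-4076.patch` removal in the `@@ -63,7 +63,6 @@` hunk of bind.spec drops the packaged fix for CVE-2024-4076, yet the new `%changelog` entry names only CVE-2024-1975 and CVE-2024-1737 and gives no reason for dropping the patch. Presumably 9.18.28 carries the fix upstream; that should be confirmed against the new tarball (the removed patch's only code change was `qctx->zversion = NULL;` in `qctx_freedata()` in `lib/ns/query.c`) and recorded with a changelog line such as `- drop 0001-fix-CVE-2024-4076.patch, fixed upstream in 9.18.28`. The detached signature `bind-9.18.28.tar.xz.asc` is replaced together with the tarball, but the visible hunks do not show whether the spec verifies it during `%prep`, so that is worth checking before trusting the new source archive.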