diff --git a/dhcp-CVE-2022-2928.patch b/dhcp-CVE-2022-2928.patch
new file mode 100644
index 0000000000000000000000000000000000000000..485b1d86f37e30f16c0a38c98381cbeab32ff26e
--- /dev/null
+++ b/dhcp-CVE-2022-2928.patch
@@ -0,0 +1,32 @@
+diff --git a/common/options.c b/common/options.c
+index ed8ac38..addc65a 100644
+--- a/common/options.c
++++ b/common/options.c
+@@ -4397,6 +4397,8 @@ add_option(struct option_state *options,
+ if (!option_cache_allocate(&oc, MDL)) {
+ log_error("No memory for option cache adding %s (option %d).",
+ option->name, option_num);
++ /* Get rid of reference created during hash lookup. */
++ option_dereference(&option, MDL);
+ return 0;
+ }
+
+@@ -4408,6 +4410,8 @@ add_option(struct option_state *options,
+ MDL)) {
+ log_error("No memory for constant data adding %s (option %d).",
+ option->name, option_num);
++ /* Get rid of reference created during hash lookup. */
++ option_dereference(&option, MDL);
+ option_cache_dereference(&oc, MDL);
+ return 0;
+ }
+@@ -4416,6 +4420,9 @@ add_option(struct option_state *options,
+ save_option(&dhcp_universe, options, oc);
+ option_cache_dereference(&oc, MDL);
+
++ /* Get rid of reference created during hash lookup. */
++ option_dereference(&option, MDL);
++
+ return 1;
+ }
+
diff --git a/dhcp-CVE-2022-2929.patch b/dhcp-CVE-2022-2929.patch
new file mode 100644
index 0000000000000000000000000000000000000000..d719bf6bfdd8849b3f06757d2bb805c2d44b6f7f
--- /dev/null
+++ b/dhcp-CVE-2022-2929.patch
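Review bot: In dhcp-CVE-2022-2928.patch the same release is pasted onto all three exit paths of add_option, so any return added later between the lookup and the end of the function would leak the option reference again. Routing the exits through one cleanup label, for example `out:` followed by `option_dereference(&option, MDL);` and `return status;`, would keep the acquire/release pairing in one place. The comment would be more useful if it said why the release matters, e.g. `/* Drop the reference taken by the hash lookup; a leaked reference per call lets the option's refcount grow without bound. */`. The start of add_option, including the lookup that takes the reference, is outside these hunks, so whether an earlier return also holds the reference cannot be checked from here.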
@@ -0,0 +1,25 @@
+diff --git a/common/options.c b/common/options.c
+index addc65a..3e6383a 100644
+--- a/common/options.c
++++ b/common/options.c
+@@ -435,16 +435,16 @@ int fqdn_universe_decode (struct option_state *options,
+ while (s < &bp -> data[0] + length + 2) {
+ len = *s;
+ if (len > 63) {
+- log_info ("fancy bits in fqdn option");
+- return 0;
++ log_info ("label length exceeds 63 in fqdn option");
++ goto bad;
+ }
+ if (len == 0) {
+ terminated = 1;
+ break;
+ }
+ if (s + len > &bp -> data [0] + length + 3) {
+- log_info ("fqdn tag longer than buffer");
+- return 0;
++ log_info ("fqdn label longer than buffer");
++ goto bad;
+ }
+
+ if (first_len == 0) {
diff --git a/dhcp.spec b/dhcp.spec
index 4a842445e8cb2c39d99c1551bbf5bd482ddafb71..4c882f4a0d391d090c7e77c5c4640892def3ec84 100644
--- a/dhcp.spec
+++ b/dhcp.spec
@@ -17,7 +17,7 @@
 Summary: Dynamic host configuration protocol software
 Name: dhcp
 Version: 4.3.6
-Release: 48%{anolis_release}%{?dist}.1
+Release: 49%{anolis_release}%{?dist}
 # NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to
 # dcantrell maintaining the package) made incorrect use of the epoch and
 # that's why it is at 12 now. It should have never been used, but it was.
@@ -86,7 +86,9 @@ Patch49: dhcp-detect-system-time-jumps.patch Patch50: dhcp-key_algorithm.patch Patch51: dhcp-statement_parser.patch Patch52: dhcp-omshell-hmac-sha512-support.patch -Patch53: dhcp-dhcp6-vendor-opts.patch +Patch53: dhcp-CVE-2022-2928.patch +Patch54: dhcp-CVE-2022-2929.patch +Patch55: dhcp-dhcp6-vendor-opts.patch #Add by anolis Patch1001: 0001-dhcp-anolis-rebrand.patch
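Review bot: In the fqdn_universe_decode hunk of dhcp-CVE-2022-2929.patch, nothing at the two new `goto bad;` sites says why a plain return is wrong there, so a later validation branch added inside this loop could reintroduce the leak. A short comment on the first one, such as `/* leave via bad: so whatever was acquired before the loop is released */`, would record the invariant. The `bad` label and the allocation it presumably undoes are outside the hunk, so that pairing should be confirmed against the full function body. Both rejections are logged with log_info and no client identifier, which makes repeated malformed FQDN options from one peer hard to spot in the logs; if the caller has the packet context, logging the sender there would help detection.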
@@ -376,9 +378,15 @@ rm bind/bind.tar.gz # https://bugzilla.redhat.com/show_bug.cgi?id=2016248 %patch52 -p1 -# https://bugzilla.redhat.com/show_bug.cgi?id=2142025 +# https://bugzilla.redhat.com/show_bug.cgi?id=2132248 %patch53 -p1 +# https://bugzilla.redhat.com/show_bug.cgi?id=2132245 +%patch54 -p1 + +# https://bugzilla.redhat.com/show_bug.cgi?id=2142024 +%patch55 -p1 + # Update paths in all man pages for page in client/dhclient.conf.5 client/dhclient.leases.5 \ client/dhclient-script.8 client/dhclient.8 ; do @@ -714,12 +722,14 @@ done %endif %changelog -* Mon Jan 30 2023 yangxiaoxuan - 12:4.3.6-48.0.1.1 +* Fri May 26 2023 yangxiaoxuan - 12:4.3.6-49.0.1 - Rebrand for Anolis OS - Fix gcc10 -fno-common compile issue for compatible with gcc10 build -* Sun Nov 20 2022 Martin Osvald - 12:4.3.6-48.1 -- send back dhcp6.vendor-opts again (#2142025) +* Tue Oct 11 2022 Martin Osvald - 12:4.3.6-49 +- Fix for CVE-2022-2928 +- Fix for CVE-2022-2929 +- send back dhcp6.vendor-opts again (#2142024) * Tue May 10 2022 Martin Osvald - 12:4.3.6-48 - omshell: add support for hmac-sha512 algorithm (#2016248) diff --git a/dist b/dist index 535c6900412d365bb0ff6de8d1f27110833b3ae3..9c0e36ec42a2d9bfefacb21ac6354c9ddd910533 100644 --- a/dist +++ b/dist @@ -1 +1 @@ -an8_7 +an8