diff --git a/fix_CVE-2024-22365.patch b/fix_CVE-2024-22365.patch
new file mode 100644
index 0000000000000000000000000000000000000000..5477919857678b9b8f377d772cd7977721107a1f
--- /dev/null
+++ b/fix_CVE-2024-22365.patch
@@ -0,0 +1,34 @@
+diff -Nuar Linux-PAM-1.5.3.orig/modules/pam_namespace/pam_namespace.c Linux-PAM-1.5.3/modules/pam_namespace/pam_namespace.c
+--- Linux-PAM-1.5.3.orig/modules/pam_namespace/pam_namespace.c	2023-05-08 07:06:47.000000000 +0800
++++ Linux-PAM-1.5.3/modules/pam_namespace/pam_namespace.c	2024-05-15 14:11:02.000000000 +0800
+@@ -1194,7 +1194,7 @@
+ 	int dfd = AT_FDCWD;
+ 	int dfd_next;
+ 	int save_errno;
+-	int flags = O_RDONLY;
++	int flags = O_RDONLY | O_DIRECTORY;
+ 	int rv = -1;
+ 	struct stat st;
+ 
+@@ -1248,21 +1248,6 @@
+ 		rv = openat(dfd, dir, flags);
+ 	}
+ 
+-	if (rv != -1) {
+-		if (fstat(rv, &st) != 0) {
+-			save_errno = errno;
+-			close(rv);
+-			rv = -1;
+-			errno = save_errno;
+-			goto error;
+-		}
+-		if (!S_ISDIR(st.st_mode)) {
+-			close(rv);
+-			errno = ENOTDIR;
+-			rv = -1;
+-			goto error;
+-		}
+-	}
+ 
+ 	if (flags & O_NOFOLLOW) {
+ 		/* we are inside user-owned dir - protect */
diff --git a/pam.spec b/pam.spec
index 53429afdf5cbee39477152dec73da9942e3c77a9..b1c96c9082880691621ff7a3c0c6a390d2c75a9a 100644
--- a/pam.spec
+++ b/pam.spec
@@ -1,4 +1,4 @@
-%define anolis_release 1
+%define anolis_release 2
 %global soname_version 0
 
 Name:           pam
@@ -9,10 +9,10 @@ Summary:        A Security Interface for Applications in Authentication activiti
 License:        GPL-2.0-or-later OR BSD-3-Clause
 Group:          System/Libraries
 URL:            http://www.linux-pam.org/
-Source0:        Linux-PAM-%{version}.tar.xz
-Source1:        Linux-PAM-%{version}.tar.xz.asc
-Source2:        Linux-PAM-%{version}-docs.tar.xz
-Source3:        Linux-PAM-%{version}-docs.tar.xz.asc
+Source0:        https://github.com/linux-pam/linux-pam/releases/download/v%{version}/Linux-PAM-%{version}.tar.xz
+Source1:        https://github.com/linux-pam/linux-pam/releases/download/v%{version}/Linux-PAM-%{version}.tar.xz.asc
+Source2:        https://github.com/linux-pam/linux-pam/releases/download/v%{version}/Linux-PAM-%{version}-docs.tar.xz
+Source3:        https://github.com/linux-pam/linux-pam/releases/download/v%{version}/Linux-PAM-%{version}-docs.tar.xz.asc
 Source4:        gpl-2.0.txt
 Source5:        macros.%{name}
 #config files
@@ -29,6 +29,7 @@ Source102:      postlogin.5
 Patch1: 0001-Fix-pam-1.1.8-faillock-system-time-issue.patch
 Patch2: 0001-change-ndbm-to-gdbm.patch
 Patch3: 0001-add-sm3-crypt-support.patch
+Patch4: fix_CVE-2024-22365.patch
 
 BuildRequires:  audit-libs-devel
 BuildRequires:  autoconf
@@ -343,6 +344,9 @@ done
 %{abidir}/libpam*.dump
 
 %changelog
+* Wed May 15 2024 Cui lichen <cuilichen@redflag-os.com> - 1.5.3-2
+- Fix CVE-2024-22365
+
 * Wed Mar 13 2024 doupengda <doupengda@loongson.cn> - 1.5.3-1
 - Update to version 1.5.3