diff --git a/fix-libkadm5-parameter-leak.patch b/fix-libkadm5-parameter-leak.patch
new file mode 100644
index 0000000000000000000000000000000000000000..f26043233d46121bd8e43ef0a3f6fdff52e8b2a5
--- /dev/null
+++ b/fix-libkadm5-parameter-leak.patch
@@ -0,0 +1,33 @@
+From f14651a9fe94aca2bc2569848d931e4ba7a318a7 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider
+Date: Fri, 11 Oct 2024 11:38:03 +0200
+Subject: [PATCH] Fix libkadm5 parameter leak
+
+Commit aa91cb5dbbd4356c7a9069f4f52a10f70d91bc00 added kadmind_listen,
+kpasswd_listen, and iprop_listen fields to kadm5_config_params, but
+did not add them to the fields freed in kadm5_free_config_params().
+Add them now.
+
+[ghudson@mit.edu: rewrote commit message]
+
+---
+ src/lib/kadm5/alt_prof.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/lib/kadm5/alt_prof.c b/src/lib/kadm5/alt_prof.c
+index e8c1f51..4eb840e 100644
+--- a/src/lib/kadm5/alt_prof.c
++++ b/src/lib/kadm5/alt_prof.c
+@@ -757,6 +757,9 @@ kadm5_free_config_params(krb5_context context, kadm5_config_params *params)
+ free(params->acl_file);
+ free(params->realm);
+ free(params->iprop_logfile);
++ free(params->iprop_listen);
++ free(params->kadmind_listen);
++ free(params->kpasswd_listen);
+ return 0;
+ }
+
+--
+2.27.0
+
diff --git a/krb5.spec b/krb5.spec
index 6338e5b83043bf51dd096cd31d0c19e21e3d2a52..83f3094e1e41b070829f60607fe51d79df82fc40 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -3,7 +3,7 @@
 Name: krb5
 Version: 1.21.2
-Release: 9
+Release: 10
 Summary: The Kerberos network authentication protocol
 License: MIT
 URL: http://web.mit.edu/kerberos/www/
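Review bot: In the embedded alt_prof.c hunk of fix-libkadm5-parameter-leak.patch, the three added `free()` calls extend a hand-maintained list that nothing ties to the definition of `kadm5_config_params`, which per the commit message is how the listen fields came to be missed. I would add a comment above the run of frees, `/* Keep in sync with kadm5_config_params: every heap-allocated field must be released here. */`, with a matching reminder beside the struct definition. The freed members are also left holding their old addresses, so a caller that passes the same params to kadm5_free_config_params() twice would presumably double-free them. Whether any caller does, or whether an earlier part of the function guards against it, cannot be seen because the body starts outside the hunk.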
@@ -39,6 +39,7 @@ Patch15: backport-Handle-empty-initial-buffer-in-IAKERB-initiator.patch
 Patch16: backport-CVE-2024-37370-CVE-2024-37371-Fix-vulnerabilities-in-GSS-message-token-handling.patch
 Patch17: backport-Change-krb5_get_credentials-endtime-behavior.patch
 Patch18: backport-Fix-memory-leak-in-PAC-checksum-verification.patch
+Patch19: fix-libkadm5-parameter-leak.patch
 BuildRequires: gettext
 BuildRequires: gcc make automake autoconf pkgconfig pam-devel libselinux-devel byacc
@@ -337,6 +338,9 @@ make -C src check || :
 %{_mandir}/man8/*
 %changelog
+* Wed Oct 30 2024 yanshuai - 1.21.2-10
+- Fix libkadm5 parameter leak
+
 * Sun Oct 27 2024 zhangyaqi - 1.21.2-9
 - Fix memory leak in PAC checksum verification
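Review bot: The new `Patch19` entry in the first hunk here breaks the naming used by Patch15 through Patch18, which all carry a `backport-` prefix. The patch header (a `From f14651a9…` commit id and a maintainer note about the rewritten commit message) suggests this one is also taken from upstream. If so, a name such as `backport-Fix-libkadm5-parameter-leak.patch` would keep its provenance visible to anyone auditing which local patches differ from upstream. If the patch is deliberately a local change, a comment line above `Patch19` saying so would serve the same purpose.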