diff --git a/backport-CVE-2023-26551-CVE-2023-26552-CVE-2023-26553-CVE-2023-26554.patch b/backport-CVE-2023-26551-CVE-2023-26552-CVE-2023-26553-CVE-2023-26554.patch
new file mode 100644
index 0000000000000000000000000000000000000000..10aab4e4db6e1c119087c8132a85e93dd9cc290f
--- /dev/null
+++ b/backport-CVE-2023-26551-CVE-2023-26552-CVE-2023-26553-CVE-2023-26554.patch
@@ -0,0 +1,47 @@
+From 562c0cc96b42afce4eeef8da8ac315f03e2e99df Mon Sep 17 00:00:00 2001
+From: Miroslva Lichvar <mlichvar@redhat.com>
+Date: Thu, 20 Apr 2023 08:27:41 PM GMT+0800
+Subject: [PATCH] mstolfp:make sure the buffer has enough room for the input extra characters
+
+Reference:https://build.opensuse.org/package/view_file/openSUSE:Factory/ntp/ntp-CVE-2023-26551.patch?expand=1
+Conflict:NA
+
+CVE-2023-26552, CVE-2023-26553 and CVE-2023-26554 are marked identical to CVE-2023-26551
+https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1#issuecomment-1507034339
+
+---
+ libntp/mstolfp.c | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/libntp/mstolfp.c b/libntp/mstolfp.c
+index 3dfc4ef..a8defa2 100644
+--- a/libntp/mstolfp.c
++++ b/libntp/mstolfp.c
+@@ -14,7 +14,7 @@ mstolfp(
+ 	l_fp *lfp
+ 	)
+ {
+-	register const char *cp;
++	register const char *cp, *end;
+ 	register char *bp;
+ 	register const char *cpdec;
+ 	char buf[100];
+@@ -42,6 +42,15 @@ mstolfp(
+ 	if (*cp != '.' && !isdigit((unsigned char)*cp))
+ 	    return 0;
+ 
++    /*
++    * Make sure the buffer has enough room for the input string and the
++    * extra characters, in the worst case replacing "." with "0.000"
++    */
++    end = cp;
++    while (isdigit((unsigned char)*end) || *end == '.')
++        end++;
++    if (end - cp + 4 >= sizeof (buf) - (bp - buf))
++        return 0;
+ 
+ 	/*
+ 	 * Search forward for the decimal point or the end of the string.
+-- 
+2.27.0
+
diff --git a/ntp.spec b/ntp.spec
index d2cbf85b9b950635c6d607697d7452c381abd0b7..89dd472154ac54c9e0dd2af66f593b18816cdc55 100644
--- a/ntp.spec
+++ b/ntp.spec
@@ -2,7 +2,7 @@
 
 Name:                  ntp
 Version:               4.2.8p14
-Release:               6
+Release:               7
 Summary:               A protocol designed to synchronize the clocks of computers over a network
 License:               MIT and BSD and BSD with advertising
 URL:                   https://www.ntp.org/
@@ -24,8 +24,9 @@ Patch1:                ntp-ssl-libs.patch
 Patch2:		       ntp-psl-def.patch
 Patch3:                bugfix-fix-bind-port-in-debug-mode.patch
 Patch4:                bugfix-fix-ifindex-length.patch
-patch5:                bugfix-MD5-manpage.patch
-patch6:                backport-CVE-2020-15025.patch
+Patch5:                bugfix-MD5-manpage.patch
+Patch6:                backport-CVE-2020-15025.patch
+Patch7:                backport-CVE-2023-26551-CVE-2023-26552-CVE-2023-26553-CVE-2023-26554.patch
 
 BuildRequires:	       libcap-devel openssl-devel libedit-devel libevent-devel pps-tools-devel
 BuildRequires:         autogen autogen-libopts-devel systemd gcc perl-generators perl-HTML-Parser
@@ -209,13 +210,19 @@ make check
 %{_mandir}/man8/*.8*
 
 %changelog
-* Thu Mar 10 2022 renmingshuai<renmingshuai@huawei.com> - 4.2.8p15-6
+* Fri May 12 2023 chengyechun <chengyechun1@huawei.com> - 4.2.8p14-7
+- Type:CVE
+- ID:CVE-2023-26551,CVE-2023-26552,CVE-2023-26553,CVE-2023-26554
+- SUG:NA
+- DESC:make sure the buffer has enough room for the input extra characters
+
+* Thu Mar 10 2022 renmingshuai<renmingshuai@huawei.com> - 4.2.8p14-6
 - Type:cves
 - ID:NA
 - SUG:NA
 - DESC: fix CVE-2020-15025
 
-* Sat Dec 4 2021 renmingshuai<renmingshuai@huawei.com> - 4.2.8p15-5
+* Sat Dec 4 2021 renmingshuai<renmingshuai@huawei.com> - 4.2.8p14-5
 - Type:bugfix
 - ID:NA
 - SUG:NA