diff --git a/CVE-2021-25217.patch b/CVE-2021-25217.patch
new file mode 100644
index 0000000000000000000000000000000000000000..680a9ea742801a04c4cfa6bf59fd1ca62c27d728
--- /dev/null
+++ b/CVE-2021-25217.patch
@@ -0,0 +1,33 @@
+diff --git a/common/parse.c b/common/parse.c
+index 3329657..8772540 100644
+--- a/common/parse.c
++++ b/common/parse.c
+@@ -3,7 +3,7 @@
+ Common parser code for dhcpd and dhclient. */
+
+ /*
+- * Copyright (c) 2004-2019 by Internet Systems Consortium, Inc. ("ISC")
++ * Copyright (c) 2004-2021 by Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (c) 1995-2003 by Internet Software Consortium
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+@@ -5613,13 +5613,14 @@ int parse_X (cfile, buf, max)
+ skip_to_semi (cfile);
+ return 0;
+ }
+- convert_num (cfile, &buf [len], val, 16, 8);
+- if (len++ > max) {
++ if (len >= max) {
+ parse_warn (cfile,
+ "hexadecimal constant too long.");
+ skip_to_semi (cfile);
+ return 0;
+ }
++ convert_num (cfile, &buf [len], val, 16, 8);
++ len++;
+ token = peek_token (&val, (unsigned *)0, cfile);
+ if (token == COLON)
+ token = next_token (&val,
+--
+1.8.3.1
+
diff --git a/dhcp.spec b/dhcp.spec
index dff2c01ee9b2f987c7a70e6b7f78ef45f68f9ce4..3d902142179b698f792d33d36dd6a604c73277a2 100644
--- a/dhcp.spec
+++ b/dhcp.spec
@@ -3,7 +3,7 @@
 Name: dhcp
 Version: 4.4.2
-Release: 2
+Release: 3
 Summary: Dynamic host configuration protocol software
 #Please don't change the epoch on this package
 Epoch: 12
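Review bot: The added CVE-2021-25217.patch starts directly at `diff --git a/common/parse.c` with no From/Subject or origin header, although its `--` / `1.8.3.1` trailer suggests it was exported from a git commit, so nothing in the file ties the backport to the upstream change it reproduces. I would keep a short header above the diff, for example `Origin: <upstream commit or advisory URL>` (placeholder for the packager to fill in), so the backport can be audited against upstream later. On the code itself, testing `if (len >= max)` before `convert_num (cfile, &buf [len], val, 16, 8);` means buf[len] is written only while len is below max, which is the right order assuming max is the capacity of buf. parse_X begins and ends outside the hunk, so its other branches and the values callers pass as max are not covered by this review. The copyright-year hunk is unrelated to the fix and could be dropped from the backport to reduce conflicts on later rebases.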
@@ -44,15 +44,14 @@ Patch23: 0023-option-97-pxe-client-id.patch
 Patch24: 0024-Detect-system-time-changes.patch
 Patch25: 0025-bind-Detect-system-time-changes.patch
 Patch26: 0026-Add-dhclient-5-B-option-description.patch
-Patch27: 0027-Add-missed-sd-notify-patch-to-manage-dhcpd-with-syst.patch
-
-Patch6003: bugfix-dhcp-4.2.5-check-dhclient-pid.patch
-Patch6004: bugfix-reduce-getifaddr-calls.patch
-Patch6005: bugfix-dhcp-64-bit-lease-parse.patch
-
-Patch9001: bugfix-dhcpd-2038-problem.patch
-Patch9003: dhcpd-coredump-infiniband.patch
-Patch9004: bugfix-dhclient-check-if-pid-was-held.patch
+Patch27: 0027-Add-missed-sd-notify-patch-to-manage-dhcpd-with-syst.patch
+Patch28: bugfix-dhcp-4.2.5-check-dhclient-pid.patch
+Patch29: bugfix-reduce-getifaddr-calls.patch
+Patch30: bugfix-dhcp-64-bit-lease-parse.patch
+Patch31: bugfix-dhcpd-2038-problem.patch
+Patch32: dhcpd-coredump-infiniband.patch
+Patch33: bugfix-dhclient-check-if-pid-was-held.patch
+Patch34: CVE-2021-25217.patch
 BuildRequires: gcc autoconf automake libtool openldap-devel krb5-devel libcap-ng-devel bind-export-devel
 BuildRequires: systemd systemd-devel
@@ -292,6 +291,12 @@ exit 0
 %{_mandir}/man3/omapi.3.gz
 %changelog
+* Wed Jun 2 2021 renmingshuai - 4.4.2-3
+- Type:bugfix
+- ID:NA
+- SUG:restart
+- DESC:fix CVE-2021-25217
+
 * Tue Dec 29 2020 quanhongfei - 4.4.2-2
 - Type:bugfix
 - ID:NA
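Review bot: The patch list is renumbered in this hunk (Patch6003 through Patch9004 become Patch28 through Patch33, and `Patch34: CVE-2021-25217.patch` is added), but no hunk in this diff touches %prep, so whether the new patch is actually applied depends on how %prep consumes the list, which is not visible here. If %prep applies patches through numbered `%patchN` lines, it needs entries matching the new numbers; if it uses `%autosetup`, the list alone is enough. Either way, it is worth confirming in the build log that CVE-2021-25217.patch is applied, since a patch that is listed but never applied would still read as fixed in the changelog.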