diff --git a/0001-attr-Fix-reading-of-server_reply.patch b/0001-attr-Fix-reading-of-server_reply.patch
new file mode 100644
index 0000000..cb8c9d3
--- /dev/null
+++ b/0001-attr-Fix-reading-of-server_reply.patch
@@ -0,0 +1,37 @@
+From 43eaf0e82b1475a6a5322881cbd8260b6c3f5ef8 Mon Sep 17 00:00:00 2001
+From: Jan Friesse <jfriesse@redhat.com>
+Date: Wed, 21 Feb 2024 17:40:11 +0100
+Subject: attr: Fix reading of server_reply
+
+read_server_reply first reads boothc header and then rest of packet
+which contains hmac info. This should go in memory right after
+boothc_header and not after full length of packet, because full length
+of packet already contains hmac info.
+
+Solution is to simply use length of header and not length of packet.
+
+Longer term and better solution would be to drop read_server_reply
+completely and use recv_auth which is used for everything else but attr
+set and delete.
+
+Signed-off-by: Jan Friesse <jfriesse@redhat.com>
+---
+ src/attr.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/attr.c b/src/attr.c
+index 44061e3..bc154f0 100644
+--- a/src/attr.c
++++ b/src/attr.c
+@@ -142,7 +142,7 @@ static int read_server_reply(
+ 		return -2;
+ 	}
+ 	len = ntohl(header->length);
+-	rv = tpt->recv(site, msg+len, len-sizeof(*header));
++	rv = tpt->recv(site, msg+sizeof(*header), len-sizeof(*header));
+ 	if (rv < 0) {
+ 		return -1;
+ 	}
+-- 
+2.41.0
+
diff --git a/0002-auth-Check-result-of-gcrypt-gcry_md_get_algo_dlen.patch b/0002-auth-Check-result-of-gcrypt-gcry_md_get_algo_dlen.patch
new file mode 100644
index 0000000..5e8fa09
--- /dev/null
+++ b/0002-auth-Check-result-of-gcrypt-gcry_md_get_algo_dlen.patch
@@ -0,0 +1,65 @@
+From 98b4284d1701f2efec278b51f151314148bfe70e Mon Sep 17 00:00:00 2001
+From: Jan Friesse <jfriesse@redhat.com>
+Date: Wed, 21 Feb 2024 18:12:28 +0100
+Subject: auth: Check result of gcrypt gcry_md_get_algo_dlen
+
+When unknown hash is passed to gcry_md_get_algo_dlen 0 is returned. This
+value is then used for memcmp so wrong hmac might be accepted as
+correct.
+
+Signed-off-by: Jan Friesse <jfriesse@redhat.com>
+---
+ src/auth.c | 16 +++++++++++++---
+ 1 file changed, 13 insertions(+), 3 deletions(-)
+
+diff --git a/src/auth.c b/src/auth.c
+index 8f86b9a..a3b3d20 100644
+--- a/src/auth.c
++++ b/src/auth.c
+@@ -28,6 +28,11 @@ int calc_hmac(const void *data, size_t datalen,
+ {
+ 	static gcry_md_hd_t digest;
+ 	gcry_error_t err;
++	int hlen;
++
++	hlen = gcry_md_get_algo_dlen(hid);
++	if (!hlen)
++		return -1;
+ 
+ 	if (!digest) {
+ 		err = gcry_md_open(&digest, hid, GCRY_MD_FLAG_HMAC);
+@@ -42,7 +47,7 @@ int calc_hmac(const void *data, size_t datalen,
+ 		}
+ 	}
+ 	gcry_md_write(digest, data, datalen);
+-	memcpy(result, gcry_md_read(digest, 0), gcry_md_get_algo_dlen(hid));
++	memcpy(result, gcry_md_read(digest, 0), hlen);
+ 	gcry_md_reset(digest);
+ 	return 0;
+ }
+@@ -54,15 +59,20 @@ int verify_hmac(const void *data, size_t datalen,
+ {
+ 	unsigned char *our_hmac;
+ 	int rc;
++	int hlen;
++
++	hlen = gcry_md_get_algo_dlen(hid);
++	if (!hlen)
++		return -1;
+ 
+-	our_hmac = malloc(gcry_md_get_algo_dlen(hid));
++	our_hmac = malloc(hlen);
+ 	if (!our_hmac)
+ 		return -1;
+ 
+ 	rc = calc_hmac(data, datalen, hid, our_hmac, key, keylen);
+ 	if (rc)
+ 		goto out_free;
+-	rc = memcmp(our_hmac, hmac, gcry_md_get_algo_dlen(hid));
++	rc = memcmp(our_hmac, hmac, hlen);
+ 
+ out_free:
+ 	if (our_hmac)
+-- 
+2.41.0
+
diff --git a/booth.spec b/booth.spec
index 3d34ea3..5d7a8c5 100644
--- a/booth.spec
+++ b/booth.spec
@@ -31,7 +31,7 @@
 %global git_describe_str v1.0-283-g9d4029aa14323a7f3b496215d25e40bd14f33632
 
 # Set this to 1 when rebasing (changing git_describe_str) and increase otherwise
-%global release 4
+%global release 5
 
 # Run shell script to parse git_describe str into version, numcomm and sha1 hash
 %global booth_ver %(s=%{git_describe_str}; vver=${s%%%%-*}; echo ${vver:1})
@@ -62,6 +62,8 @@ Summary:        Ticket Manager for Multi-site Clusters
 License:        GPL-2.0-or-later
 Url:            https://github.com/%{github_owner}/%{name}
 Source0:        https://github.com/%{github_owner}/%{name}/archive/%{booth_short_sha1}/%{booth_archive_name}.tar.gz
+Patch0:         0001-attr-Fix-reading-of-server_reply.patch
+Patch1:         0002-auth-Check-result-of-gcrypt-gcry_md_get_algo_dlen.patch
 
 # direct build process dependencies
 BuildRequires:  autoconf
@@ -310,6 +312,11 @@ VERBOSE=1 make check
 %{_usr}/lib/ocf/resource.d/booth/sharedrsc
 
 %changelog
+* Fri Jun 07 2024 Jan Friesse <jfriesse@redhat.com> - 1.0-283.5.9d4029a.git
+- attr: Fix reading of server_reply
+- auth: Check result of gcrypt gcry_md_get_algo_dlen
+  (fixes CVE-2024-3049)
+
 * Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.0-283.4.9d4029a.git
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild