diff --git a/SOURCES/amanda-3.5.2-CVE-2022-37704-fixup.patch b/SOURCES/amanda-3.5.2-CVE-2022-37704-fixup.patch
new file mode 100644
index 0000000..c1ded31
--- /dev/null
+++ b/SOURCES/amanda-3.5.2-CVE-2022-37704-fixup.patch
@@ -0,0 +1,102 @@
+diff --git a/client-src/rundump.c b/client-src/rundump.c
+index bba569984..85962d11c 100644
+--- a/client-src/rundump.c
++++ b/client-src/rundump.c
+@@ -43,6 +43,16 @@ int main(int argc, char **argv);
+ static void validate_dump_option(int argc, char ** argv);
+ static void validate_xfsdump_options(int argc, char ** argv);
+ 
++/*
++ * Has USE_RUNDUMP been explicitly requsted?
++ * If not, we will not use rundump for DUMP,
++ * although we sill may need to use it for
++ * VDUMP or XFSDUMP
++ */
++#if defined(USE_RUNDUMP)
++#  define USE_RUNDUMP_FOR_DUMP
++#endif
++
+ #if defined(VDUMP) || defined(XFSDUMP)
+ #  undef USE_RUNDUMP
+ #  define USE_RUNDUMP
+@@ -138,9 +148,10 @@ main(
+ 
+ #ifdef XFSDUMP
+ 
+-    if (g_str_equal(argv[0], "xfsdump"))
++    if (g_str_equal(argv[0], "xfsdump")) {
+         dump_program = XFSDUMP;
+-    else /* strcmp(argv[0], "xfsdump") != 0 */
++        validate_xfsdump_options(argc, argv);
++    } else /* strcmp(argv[0], "xfsdump") != 0 */
+ 
+ #endif
+ 
+@@ -160,9 +171,14 @@ main(
+ 
+ #endif
+ 
++      {
+ #if defined(DUMP)
++# if defined(USE_RUNDUMP_FOR_DUMP)
+         dump_program = DUMP;
+         validate_dump_option(argc, argv);
++# else
++        error("error [%s not running %s : run it directly]\n", get_pname(), DUMP);
++# endif
+ #else
+ # if defined(XFSDUMP)
+         dump_program = XFSDUMP;
+@@ -176,6 +192,7 @@ main(
+ #  endif
+ # endif
+ #endif
++      }
+ 
+ 
+     /*
+@@ -197,6 +214,24 @@ main(
+     amfree(cmdline);
+ 
+     env = safe_env();
++    //Filter or Discard RSH Environmental variable
++    int env_count = 0;
++    for (int i = 0; env[i] != NULL; i++){
++        env_count++;
++    }
++    for (int i = 0; i < env_count; i++){
++        if (strncmp(env[i], "RSH=", 4) == 0){
++            // Remove RSH
++            g_free(env[i]);
++            // move array elements one step left - which are after "RSH"
++            for (int j = i; j < env_count; j++){
++                env[j] = env[j + 1];
++            }
++            //decrease the variable count
++            env[env_count-1] = NULL;
++            break;
++        }
++    }
+     execve(dump_program, argv, env);
+     free_env(env);
+ 
+diff --git a/client-src/runtar.c b/client-src/runtar.c
+index 499c7dfec..880068bc4 100644
+--- a/client-src/runtar.c
++++ b/client-src/runtar.c
+@@ -191,9 +191,13 @@ main(
+ 		g_str_has_prefix(argv[i],"--newer") ||
+ 		g_str_has_prefix(argv[i],"--exclude-from") ||
+ 		g_str_has_prefix(argv[i],"--files-from")) {
+-		good_option++;
++		if (strchr(argv[i], '=')) {
++		    good_option++;
++		} else {
++		    /* Accept theses options with the following argument */
++		    good_option += 2;
++		}
+ 	    } else if (argv[i][0] != '-') {
+-		/* argument values are accounted for here */
+ 		good_option++;
+ 	    }
+ 	}
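Review bot: The `RSH=` filter added after `env = safe_env();` in the rundump.c part stops at the first match (`break;`), so a second `RSH=` entry in the array would still be passed to execve(). Whether safe_env() can return duplicate names is not visible in this hunk, so a single compacting pass that drops every match is the safer form; it also makes the separate counting loop and the inner shift loop unnecessary. The filter removes one variable by name, and a comment should say why `RSH` is the one that matters for the dump program, so that a later reader can judge whether other variables need the same treatment. main() continues outside the hunk.

```c
    env = safe_env();
    /* Drop every RSH= entry, compacting the array in place. */
    int kept = 0;
    for (int i = 0; env[i] != NULL; i++) {
        if (strncmp(env[i], "RSH=", 4) == 0) {
            g_free(env[i]);
            continue;
        }
        env[kept++] = env[i];
    }
    env[kept] = NULL;
    execve(dump_program, argv, env);
```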
diff --git a/SOURCES/amanda-3.5.2-CVE-2022-37704.patch b/SOURCES/amanda-3.5.2-CVE-2022-37704.patch
new file mode 100644
index 0000000..2a42500
--- /dev/null
+++ b/SOURCES/amanda-3.5.2-CVE-2022-37704.patch
@@ -0,0 +1,175 @@
+From e890d08e16ea0621966a7ae35cce53ccb44a472e Mon Sep 17 00:00:00 2001
+From: seetharaman-rajagopal <seetharaman.chn@gmail.com>
+Date: Mon, 13 Feb 2023 08:14:04 +0000
+Subject: [PATCH] CVE-2022-37704 - privilege escaltion form amandabackup user
+ to root -fix
+
+---
+ client-src/rundump.c | 135 +++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 135 insertions(+)
+
+diff --git a/client-src/rundump.c b/client-src/rundump.c
+index 0b354d70bf..bba5699847 100644
+--- a/client-src/rundump.c
++++ b/client-src/rundump.c
+@@ -40,6 +40,8 @@
+ #include "conffile.h"
+ 
+ int main(int argc, char **argv);
++static void validate_dump_option(int argc, char ** argv);
++static void validate_xfsdump_options(int argc, char ** argv);
+ 
+ #if defined(VDUMP) || defined(XFSDUMP)
+ #  undef USE_RUNDUMP
+@@ -160,14 +162,17 @@ main(
+ 
+ #if defined(DUMP)
+         dump_program = DUMP;
++        validate_dump_option(argc, argv);
+ #else
+ # if defined(XFSDUMP)
+         dump_program = XFSDUMP;
++        validate_xfsdump_options(argc, argv);
+ # else
+ #  if defined(VXDUMP)
+ 	dump_program = VXDUMP;
+ #  else
+         dump_program = "dump";
++        validate_dump_option(argc, argv);
+ #  endif
+ # endif
+ #endif
+@@ -203,3 +208,133 @@ main(
+     return 1;
+ #endif								/* } */
+ }
++
++void validate_dump_option(int argc, char ** argv)
++{
++	int c;
++	int numargs = argc;
++	while (numargs > 0)
++	{
++		c = getopt(argc, argv, "0123456789ab:cd:e:f:h:j:kmnqs:uvwyz:A:B:D:I:L:MQ:ST:W");
++		switch (c) {
++			case -1:
++				optind++;
++			break;
++			case '?':
++				//option is not valid
++				error("error [%s invalid option: %s]\n", get_pname(), argv[optind-1]);
++			break;
++			// All this options takes another argument
++			case 'b':
++			case 'd':
++			case 'e':
++			case 'f':
++			case 'h':
++			case 'j':
++			case 's':
++			case 'z':
++			case 'A':
++			case 'B':
++			case 'D':
++			case 'I':
++			case 'L':
++			case 'Q':
++			case 'T':
++			{
++				// get optarg and check it against NULL. If it is null, then return error.
++				if (optarg == NULL) {
++					error ("error [%s additional parameter is missing for option: %c]\n", get_pname(), c);
++				}
++				break;
++			}
++			case '0':
++			case '1':
++			case '2':
++			case '3':
++			case '4':
++			case '5':
++			case '6':
++			case '7':
++			case '8':
++			case '9':
++			case 'a':
++			case 'c':
++			case 'k':
++			case 'm':
++			case 'n':
++			case 'q':
++			case 'u':
++			case 'v':
++			case 'w':
++			case 'y':
++			case 'M':
++			case 'S':
++			case 'W':
++			{
++				break;
++			}
++			default:
++				error ("error [%s invalid option: %c]\n", get_pname(), c);
++			break;
++		}
++		numargs--;
++	}
++}
++
++void validate_xfsdump_options(int argc, char ** argv)
++{
++	int c;
++	int numargs = argc;
++	while (numargs > 0)
++	{
++		c = getopt(argc, argv, "ab:d:ef:l:mop:qs:t:v:z:AB:DFI:JL:M:RT");
++		switch (c) {
++			case -1:
++				optind++;
++			break;
++			case '?':
++				//option is not valid
++				error ("error [%s invalid option: %s]\n", get_pname(), argv[optind-1]);
++			break;
++			// All this options takes another argument
++			case 'b':
++			case 'd':
++			case 'f':
++			case 'l':
++			case 'p':
++			case 's':
++			case 't':
++			case 'v':
++			case 'z':
++			case 'B':
++			case 'I':
++			case 'L':
++			case 'M':
++			{
++				// get optarg and check it against NULL. If it is null, then return error.
++				if (optarg == NULL) {
++					error ("error [%s additional parameter is missing for option: %c]\n", get_pname(), c);
++				}
++				break;
++			}
++			case 'a':
++			case 'e':
++			case 'm':
++			case 'o':
++			case 'q':
++			case 'A':
++			case 'D':
++			case 'F':
++			case 'J':
++			case 'R':
++			case 'T':
++			{
++				break;
++			}
++			default:
++				error ("error [%s invalid option: %c]\n", get_pname(), c);
++			break;
++		}
++		numargs--;
++	}
++}
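Review bot: In validate_dump_option() the loop is bounded by `numargs = argc` rather than by `optind`, so once getopt() returns -1 at the end of argv, the `case -1: optind++;` branch pushes `optind` past `argc`. Any remaining iteration then calls getopt() with an index outside argv, which happens whenever an option consumes a separate argument (for example `-f file`) because fewer calls than `argc` are needed. Bounding the loop with `while (optind < argc)` and dropping `numargs` keeps every call inside the array; validate_xfsdump_options() has the same loop and needs the same change. Both definitions also omit the `static` used in their prototypes. On GNU libc, getopt() may reorder argv in place before main() hands it to execve(), which deserves a comment at the call site.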
diff --git a/SOURCES/amanda-3.5.2-CVE-2022-37705.patch b/SOURCES/amanda-3.5.2-CVE-2022-37705.patch
new file mode 100644
index 0000000..dce8ecb
--- /dev/null
+++ b/SOURCES/amanda-3.5.2-CVE-2022-37705.patch
@@ -0,0 +1,26 @@
+From ed37ddf8421e34a255eaedfc1e9c3a3f9d454b95 Mon Sep 17 00:00:00 2001
+From: Prajwal T R <prajwaltr93@gmail.com>
+Date: Thu, 22 Dec 2022 10:37:30 -0700
+Subject: [PATCH] fix : fix increment logic for good_option
+
+- for arguements of type --file=x or --file x, fixed logic while incrementing value.
+---
+ client-src/runtar.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/client-src/runtar.c b/client-src/runtar.c
+index d04a1385f6..499c7dfecb 100644
+--- a/client-src/runtar.c
++++ b/client-src/runtar.c
+@@ -191,9 +191,9 @@ main(
+ 		g_str_has_prefix(argv[i],"--newer") ||
+ 		g_str_has_prefix(argv[i],"--exclude-from") ||
+ 		g_str_has_prefix(argv[i],"--files-from")) {
+-		/* Accept theses options with the following argument */
+-		good_option += 2;
++		good_option++;
+ 	    } else if (argv[i][0] != '-') {
++		/* argument values are accounted for here */
+ 		good_option++;
+ 	    }
+ 	}
diff --git a/SPECS/amanda.spec b/SPECS/amanda.spec
index 259e8ba..7b942ed 100644
--- a/SPECS/amanda.spec
+++ b/SPECS/amanda.spec
@@ -10,7 +10,7 @@
 Summary:       A network-capable tape backup solution
 Name:          amanda
 Version:       3.5.1
-Release:       13%{?dist}
+Release:       14%{?dist}
 Source:        http://downloads.sourceforge.net/amanda/amanda-%{version}.tar.gz
 Source1:       amanda.crontab
 Source4:       disklist
@@ -30,6 +30,9 @@ Patch3:        amanda-3.2.0-config-dir.patch
 Patch4:        amanda-3.4.5-no-xinetd.patch
 # Support tirpc
 Patch5:        patch-tirpc
+Patch20:       amanda-3.5.2-CVE-2022-37705.patch
+Patch21:       amanda-3.5.2-CVE-2022-37704.patch
+Patch22:       amanda-3.5.2-CVE-2022-37704-fixup.patch
 
 License:       BSD and GPLv3+ and GPLv2+ and GPLv2
 URL:           http://www.amanda.org
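Review bot: The new `Patch20`–`Patch22` lines carry no comment, unlike `Patch5` just above with `# Support tirpc`, and their file names say 3.5.2 while `Version` is 3.5.1. A short comment per patch would record origin and ordering, for example `# Upstream fix for CVE-2022-37705 (runtar option counting)`, `# Upstream fix for CVE-2022-37704 (rundump option validation)` and `# Downstream fixups for both CVEs; applies on top of Patch20 and Patch21`. The %prep section is outside this hunk, so confirm there that all three are applied, in this order, since the fixup's index lines depend on the result of the other two.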
@@ -432,6 +435,13 @@ make check
 
 
 %changelog
+* Mon Feb 27 2023 Pavel Cahyna <pcahyna@redhat.com> - 3.5.1-14
+- Apply upstream patch for CVE-2022-37705
+- Apply upstream patch for CVE-2022-37704
+- Add my fixups for CVE-2022-37704 and CVE-2022-37705, the upstream changes broke
+  legitimate usage of xfsdump and tar, while leaving xfsdump and dump vulnerable.
+  One of the fixups submitted as PR205.
+
 * Thu Aug 02 2018 Vaclav Dolezal <vdolezal@redhat.com> - 3.5.1-13
 - fix permissions for log directory (#1572696)