diff --git a/CVE-2020-15025.patch b/CVE-2020-15025.patch
new file mode 100644
index 0000000000000000000000000000000000000000..d7440dd7df4ab1bdfc1b0ae5144fbb0338c9b543
--- /dev/null
+++ b/CVE-2020-15025.patch
@@ -0,0 +1,52 @@
+From 50704f496376fb463bafa9700fb70ff8e3ac6d48 Mon Sep 17 00:00:00 2001
+Date: Wed, 9 Sep 2020 18:31:28 +0800
+Subject: [PATCH] memory leak with AES128CMAC keys
+
+---
+ ChangeLog | 1 +
+ libntp/a_md5encrypt.c | 2 +-
+ sntp/crypto.c | 3 ++-
+ 3 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/ChangeLog b/ChangeLog
+index 35d5d36..f510296 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,6 +1,7 @@
+ ---
+ (4.2.8p14) 2020/03/03 Released by Harlan Stenn
+
++* [Bug 3661] memory leak with AES128CMAC keys
+ * [Sec 3610] process_control() should bail earlier on short packets. stenn@
+ - Reported by Philippe Antoine
+ * [Sec 3596] Highly predictable timestamp attack.
+diff --git a/libntp/a_md5encrypt.c b/libntp/a_md5encrypt.c
+index 8c046f4..57100de 100644
+--- a/libntp/a_md5encrypt.c
++++ b/libntp/a_md5encrypt.c
+@@ -93,7 +93,7 @@ make_mac(
+ }
+ cmac_fail:
+ if (ctx)
+- CMAC_CTX_cleanup(ctx);
++ CMAC_CTX_free(ctx);
+ }
+ else
+ # endif /*ENABLE_CMAC*/
+diff --git a/sntp/crypto.c b/sntp/crypto.c
+index 8ffe006..35e125c 100644
+--- a/sntp/crypto.c
++++ b/sntp/crypto.c
+@@ -70,7 +70,8 @@ compute_mac(
+ }
+ len = (u_int)slen;
+
+- CMAC_CTX_cleanup(ctx);
++ if (ctx)
++ CMAC_CTX_free(ctx);
+ /* Test our AES-128-CMAC implementation */
+
+ } else /* MD5 MAC handling */
+--
+1.8.3.1
+
diff --git a/ntp.spec b/ntp.spec
index 81f5997d3b970b415285c683c50461be4e6ba107..a21df4d3625ad68ee6155f608f4ab1eb98864a44 100644
--- a/ntp.spec
+++ b/ntp.spec
@@ -2,7 +2,7 @@
 Name: ntp
 Version: 4.2.8p14
-Release: 2
+Release: 3
 Summary: A protocol designed to synchronize the clocks of computers over a network
 License: MIT and BSD and BSD with advertising
 URL: https://www.ntp.org/
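Review bot: In the sntp/crypto.c part of the added CVE-2020-15025.patch, the new `if (ctx) CMAC_CTX_free(ctx);` sits on the fall-through after `len = (u_int)slen;`, and the hunk does not show the earlier failure branches of compute_mac(). It should be confirmed that none of them returns or jumps past this point with a live ctx, otherwise the leak this patch targets would remain on error paths. make_mac() in libntp/a_md5encrypt.c frees under the `cmac_fail:` label, which suggests its failure paths converge there, but both function bodies start and end outside the hunks. A one-line comment at each site would keep the fix from being reverted by accident, e.g. `/* CMAC_CTX_cleanup() only resets the context; CMAC_CTX_free() also releases the CMAC_CTX_new() allocation */`.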
@@ -20,11 +20,12 @@ Source13: ntpdate.service
 Source14: ntp-wait.service
 Source15: sntp.service
 Source16: sntp.sysconfig
-Patch1: ntp-ssl-libs.patch
-Patch2: ntp-psl-def.patch
-Patch9000: bugfix-fix-bind-port-in-debug-mode.patch
-Patch9001: bugfix-fix-ifindex-length.patch
+Patch0: ntp-ssl-libs.patch
+Patch1: ntp-psl-def.patch
+Patch2: bugfix-fix-bind-port-in-debug-mode.patch
+Patch3: bugfix-fix-ifindex-length.patch
+Patch4: CVE-2020-15025.patch
 BuildRequires: libcap-devel openssl-devel libedit-devel libevent-devel pps-tools-devel
 BuildRequires: autogen autogen-libopts-devel systemd gcc perl-generators perl-HTML-Parser
@@ -207,6 +208,12 @@ make check
 %{_mandir}/man8/*.8*
 %changelog
+* Wed Sep 09 2020 liulong - 4.2.8p14-3
+- Type:cves
+- ID:CVE-2020-15025
+- SUG:restart
+- DESC: fix CVE-2020-15025
+
 * Wed Sep 02 2020 yuboyun - 4.2.8p14-2
 - Type:bugfix
 - ID:NA
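Review bot: Renumbering the existing patches (`Patch1`→`Patch0`, `Patch2`→`Patch1`, `Patch9000`→`Patch2`, `Patch9001`→`Patch3`) in the same change that adds `Patch4: CVE-2020-15025.patch` is only safe if %prep applies patches by list order, and %prep is not part of this diff. If it uses numbered macros (for illustration, `%patch9000 -p1`), those references would now point at nothing or at a different patch, and the security fix might not be applied at all. It is worth confirming from the build log that all five patches apply. Alternatively, keep the old numbers and add the CVE patch under a new one so the fix stays separate from the cosmetic renumbering.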