diff --git a/openssh-8.7p1-mem-leak.patch b/openssh-8.7p1-mem-leak.patch
index 5d534f5..8c9ac80 100644
--- a/openssh-8.7p1-mem-leak.patch
+++ b/openssh-8.7p1-mem-leak.patch
@@ -1,6 +1,6 @@
 diff --color -rup a/compat.c b/compat.c
 --- a/compat.c	2021-08-20 06:03:49.000000000 +0200
-+++ b/compat.c	2022-07-11 10:00:56.661195753 +0200
++++ b/compat.c	2022-07-14 17:39:23.770268440 +0200
 @@ -157,11 +157,12 @@ compat_banner(struct ssh *ssh, const cha
  	debug_f("no match: %s", version);
  }
@@ -58,9 +58,9 @@ diff --color -rup a/compat.c b/compat.c
  	debug2_f("compat KEX proposal: %s", p);
  	if (*p == '\0')
 diff --color -rup a/sshconnect2.c b/sshconnect2.c
---- a/sshconnect2.c	2022-07-11 09:54:22.300523575 +0200
-+++ b/sshconnect2.c	2022-07-11 10:13:20.516655403 +0200
-@@ -218,6 +218,7 @@ ssh_kex2(struct ssh *ssh, char *host, st
+--- a/sshconnect2.c	2022-07-14 17:38:43.241496549 +0200
++++ b/sshconnect2.c	2022-07-14 17:39:23.772268479 +0200
+@@ -222,6 +222,7 @@ ssh_kex2(struct ssh *ssh, char *host, st
  {
  	char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
  	char *s, *all_key;
@@ -68,7 +68,7 @@ diff --color -rup a/sshconnect2.c b/sshconnect2.c
  	int r, use_known_hosts_order = 0;
  
  #if defined(GSSAPI) && defined(WITH_OPENSSL)
-@@ -248,10 +249,9 @@ ssh_kex2(struct ssh *ssh, char *host, st
+@@ -252,10 +253,9 @@ ssh_kex2(struct ssh *ssh, char *host, st
  
  	if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL)
  		fatal_f("kex_names_cat");
@@ -81,7 +81,7 @@ diff --color -rup a/sshconnect2.c b/sshconnect2.c
  	    compat_cipher_proposal(ssh, options.ciphers);
  	myproposal[PROPOSAL_COMP_ALGS_CTOS] =
  	    myproposal[PROPOSAL_COMP_ALGS_STOC] =
-@@ -260,12 +260,12 @@ ssh_kex2(struct ssh *ssh, char *host, st
+@@ -264,12 +264,12 @@ ssh_kex2(struct ssh *ssh, char *host, st
  	    myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
  	if (use_known_hosts_order) {
  		/* Query known_hosts and prefer algorithms that appear there */
@@ -96,7 +96,7 @@ diff --color -rup a/sshconnect2.c b/sshconnect2.c
  		    compat_pkalg_proposal(ssh, options.hostkeyalgorithms);
  	}
  
-@@ -379,6 +379,10 @@ ssh_kex2(struct ssh *ssh, char *host, st
+@@ -383,6 +383,10 @@ ssh_kex2(struct ssh *ssh, char *host, st
  	    (r = ssh_packet_write_wait(ssh)) != 0)
  		fatal_fr(r, "send packet");
  #endif
@@ -108,12 +108,13 @@ diff --color -rup a/sshconnect2.c b/sshconnect2.c
  
  /*
 diff --color -rup a/sshd.c b/sshd.c
---- a/sshd.c	2022-07-11 09:54:22.301523594 +0200
-+++ b/sshd.c	2022-07-11 10:17:15.692209542 +0200
-@@ -2479,14 +2479,14 @@ do_ssh2_kex(struct ssh *ssh)
+--- a/sshd.c	2022-07-14 17:38:43.242496568 +0200
++++ b/sshd.c	2022-07-14 17:42:07.616388978 +0200
+@@ -2493,14 +2493,15 @@ do_ssh2_kex(struct ssh *ssh)
  {
  	char *myproposal[PROPOSAL_MAX] = { KEX_SERVER };
  	struct kex *kex;
++	char *hostkey_types = NULL;
 +	char *prop_kex = NULL, *prop_enc = NULL, *prop_hostkey = NULL;
  	int r;
  
@@ -130,18 +131,20 @@ diff --color -rup a/sshd.c b/sshd.c
  	myproposal[PROPOSAL_MAC_ALGS_CTOS] =
  	    myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
  
-@@ -2499,8 +2499,8 @@ do_ssh2_kex(struct ssh *ssh)
+@@ -2513,8 +2514,10 @@ do_ssh2_kex(struct ssh *ssh)
  		ssh_packet_set_rekey_limits(ssh, options.rekey_limit,
  		    options.rekey_interval);
  
 -	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
 -	    ssh, list_hostkey_types());
++	hostkey_types = list_hostkey_types();
 +	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = prop_hostkey =
-+	    compat_pkalg_proposal(ssh, list_hostkey_types());
++	    compat_pkalg_proposal(ssh, hostkey_types);
++	free(hostkey_types);
  
  #if defined(GSSAPI) && defined(WITH_OPENSSL)
  	{
-@@ -2592,6 +2592,9 @@ do_ssh2_kex(struct ssh *ssh)
+@@ -2606,6 +2609,9 @@ do_ssh2_kex(struct ssh *ssh)
  	    (r = ssh_packet_write_wait(ssh)) != 0)
  		fatal_fr(r, "send test");
  #endif
diff --git a/openssh.spec b/openssh.spec
index 47ed8a4..490fef1 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -51,7 +51,7 @@
 
 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
 %global openssh_ver 8.7p1
-%global openssh_rel 17
+%global openssh_rel 18
 %global pam_ssh_agent_ver 0.10.4
 %global pam_ssh_agent_rel 4
 
@@ -725,6 +725,10 @@ test -f %{sysconfig_anaconda} && \
 %endif
 
 %changelog
+* Thu Jul 14 2022 Zoltan Fridrich <zfridric@redhat.com> - 8.7p1-18
+- Fix new coverity issues
+  Related: rhbz#2068423
+
 * Thu Jul 14 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-17
 - Disable ed25519 and ed25519-sk keys in FIPS mode
   Related: rhbz#2087915