diff --git a/SOURCES/0006-CVE-2020-12831.patch b/SOURCES/0006-CVE-2020-12831.patch
new file mode 100644
index 0000000..35df767
--- /dev/null
+++ b/SOURCES/0006-CVE-2020-12831.patch
@@ -0,0 +1,17 @@
+diff --git a/redhat/frr.init b/redhat/frr.init
+index b59656a..4cf3fd4 100755
+--- a/redhat/frr.init
++++ b/redhat/frr.init
+@@ -94,10 +94,12 @@ check_daemon()
+ if [ ! -r "$C_PATH/$1-$2.conf" ]; then
+ touch "$C_PATH/$1-$2.conf"
+ chown frr:frr "$C_PATH/$1-$2.conf"
++ chmod 0600 "$C_PATH/$1-$2.conf"
+ fi
+ elif [ ! -r "$C_PATH/$1.conf" ]; then
+ touch "$C_PATH/$1.conf"
+ chown frr:frr "$C_PATH/$1.conf"
++ chmod 0600 "$C_PATH/$1.conf"
+ fi
+ fi
+ return 0
diff --git a/SOURCES/0007-bfd-port-range.patch b/SOURCES/0007-bfd-port-range.patch
new file mode 100644
index 0000000..d687f0e
--- /dev/null
+++ b/SOURCES/0007-bfd-port-range.patch
@@ -0,0 +1,15 @@
+diff --git a/bfdd/bfd.h b/bfdd/bfd.h
+index 3a58a8d..0970333 100644
+--- a/bfdd/bfd.h
++++ b/bfdd/bfd.h
+@@ -315,8 +315,8 @@ struct bfd_iface {
+ #define BFD_PKT_INFO_VAL 1
+ #define BFD_IPV6_PKT_INFO_VAL 1
+ #define BFD_IPV6_ONLY_VAL 1
+-#define BFD_SRCPORTINIT 49142
+-#define BFD_SRCPORTMAX 65536
++#define BFD_SRCPORTINIT 49152
++#define BFD_SRCPORTMAX 65535
+ #define BFD_DEFDESTPORT 3784
+ #define BFD_DEF_ECHO_PORT 3785
+ #define BFD_DEF_MHOP_DEST_PORT 4784
diff --git a/SPECS/frr.spec b/SPECS/frr.spec
index 30445b7..9a0f0c8 100644
--- a/SPECS/frr.spec
+++ b/SPECS/frr.spec
@@ -9,7 +9,7 @@ Name: frr Version: 7.0
-Release: 8%{?checkout}%{?dist}
+Release: 10%{?checkout}%{?dist}
 Summary: Routing daemon License: GPLv2+ URL: http://www.frrouting.org
@@ -40,6 +40,8 @@ Patch0002: 0002-enable-openssl.patch Patch0003: 0003-disable-eigrp-crypto.patch Patch0004: 0004-fips-mode.patch Patch0005: 0005-igmp-trusted-query.patch
+Patch0006: 0006-CVE-2020-12831.patch
+Patch0007: 0007-bfd-port-range.patch
 %description FRRouting is free software that manages TCP/IP based routing protocols. It takes 
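Review bot: The added `chmod 0600` in SOURCES/0006-CVE-2020-12831.patch runs only inside the `[ ! -r ... ]` branches of check_daemon(), so a config file that already exists with a wider mode is never tightened; this holds for both the `$1-$2.conf` and the `$1.conf` case. If earlier builds created these files under the default umask, upgraded systems would keep the readable copies, so it is worth confirming that something outside this hunk (for example the spec's file modes or a scriptlet) corrects existing files. On the creation path the file also exists briefly with the umask-derived mode between `touch` and `chmod`; creating it restrictively in one step, e.g. `install -m 0600 -o frr -g frr /dev/null "$C_PATH/$1.conf"`, or setting `umask 077` before the `touch`, would close that gap. check_daemon() starts and ends outside the hunk.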
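Review bot: The corrected `BFD_SRCPORTINIT` and `BFD_SRCPORTMAX` values in SOURCES/0007-bfd-port-range.patch carry no comment saying where the numbers come from or whether the upper bound is inclusive. The changelog ties the change to the RFC 5881 source port range, so a line such as `/* RFC 5881: BFD source port range is 49152..65535, both ends inclusive */` above the two defines would keep them from drifting again. The code that compares against `BFD_SRCPORTMAX` is outside this hunk; it is worth checking that the comparison there treats 65535 as a valid port rather than as an exclusive limit.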
@@ -217,10 +219,16 @@ make check PYTHON=%{__python3} %{_includedir}/frr/eigrpd/*.h %changelog -* Tue May 05 2020 Michal Ruprich - 7.0-8 +* Thu Aug 20 2020 Michal Ruprich - 7.0-10 +- Resolves: #1867793 - FRR does not conform to the source port range specified in RFC5881 + +* Thu Aug 20 2020 Michal Ruprich - 7.0-9 +- Resolves: #1852476 - default permission issue eases information leaks + +* Tue May 05 2020 Michal Ruprich - 7.0-8 - Resolves: #1819319 - frr fails to start start if the initscripts package is missing -* Mon May 04 2020 Michal Ruprich - 7.0-7 +* Mon May 04 2020 Michal Ruprich - 7.0-7 - Resolves: #1758544 - IGMPv3 queries may lead to DoS * Tue Mar 10 2020 Michal Ruprich - 7.0-6