diff --git a/SOURCES/libcap-check-allocation.patch b/SOURCES/libcap-check-allocation.patch
new file mode 100644
index 0000000..c4ad2f0
--- /dev/null
+++ b/SOURCES/libcap-check-allocation.patch
@@ -0,0 +1,54 @@
+--- a/libcap/cap_alloc.c	2021-02-05 06:52:17.000000000 +0100
++++ b/libcap/cap_alloc.c	2022-05-17 20:06:53.570560396 +0200
+@@ -123,6 +123,10 @@
+ 
+ cap_iab_t cap_iab_init(void) {
+     __u32 *base = calloc(1, sizeof(__u32) + sizeof(struct cap_iab_s));
++    if (base == NULL) {
++	_cap_debug("out of memory");
++	return NULL;
++    }
+     *(base++) = CAP_IAB_MAGIC;
+     return (cap_iab_t) base;
+ }
+@@ -138,6 +142,10 @@
+ 			      const char * const *envp)
+ {
+     __u32 *data = calloc(1, sizeof(__u32) + sizeof(struct cap_launch_s));
++    if (data == NULL) {
++	_cap_debug("out of memory");
++	return NULL;
++    }
+     *(data++) = CAP_LAUNCH_MAGIC;
+     struct cap_launch_s *attr = (struct cap_launch_s *) data;
+     attr->arg0 = arg0;
+--- a/libcap/cap_proc.c	2022-05-17 20:07:36.301803359 +0200
++++ b/libcap/cap_proc.c	2022-05-17 20:06:59.238592623 +0200
+@@ -677,9 +677,25 @@
+  */
+ cap_iab_t cap_iab_get_proc(void)
+ {
+-    cap_iab_t iab = cap_iab_init();
+-    cap_t current = cap_get_proc();
++    cap_iab_t iab;
++    cap_t current;
++
++    iab = cap_iab_init();
++    if (iab == NULL) {
++	_cap_debug("no memory for IAB tuple");
++	return NULL;
++    }
++
++    current = cap_get_proc();
++    if (current == NULL) {
++	_cap_debug("no memory for cap_t");
++	cap_free(iab);
++	return NULL;
++    }
++
+     cap_iab_fill(iab, CAP_IAB_INH, current, CAP_INHERITABLE);
++    cap_free(current);
++
+     cap_value_t c;
+     for (c = cap_max_bits(); c; ) {
+ 	--c;
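Review bot: In cap_iab_get_proc, the branch taken when cap_get_proc() returns NULL logs "no memory for cap_t" and then calls cap_free(iab) before returning, so the diagnostic assumes allocation is the only way cap_get_proc can fail, and the caller sees whatever errno is left after the free. cap_get_proc is defined outside this hunk; if it can also fail while querying the kernel, a neutral message such as `_cap_debug("cap_get_proc failed");` together with `int saved = errno; cap_free(iab); errno = saved;` would keep the real cause visible to callers. cap_iab_init, the launcher constructor in the second cap_alloc.c hunk, and cap_iab_get_proc now return NULL where a failed calloc was previously dereferenced, so their header comments should state that NULL means failure and that the caller must check it before using the result to change process capabilities. The bodies of the launcher constructor and of cap_iab_get_proc continue past their hunks.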
diff --git a/SOURCES/libcap-fix-prctl-usage.patch b/SOURCES/libcap-fix-prctl-usage.patch
new file mode 100644
index 0000000..018310a
--- /dev/null
+++ b/SOURCES/libcap-fix-prctl-usage.patch
@@ -0,0 +1,128 @@
+diff --git a/libcap/cap_proc.c b/libcap/cap_proc.c
+--- a/libcap/cap_proc.c
++++ b/libcap/cap_proc.c
+@@ -135,7 +135,13 @@ static int _libcap_wprctl3(struct syscaller_s *sc,
+ 			   long int pr_cmd, long int arg1, long int arg2)
+ {
+     if (_libcap_overrode_syscalls) {
+-	return sc->three(SYS_prctl, pr_cmd, arg1, arg2);
++	int result;
++	result = sc->three(SYS_prctl, pr_cmd, arg1, arg2);
++	if (result >= 0) {
++	    return result;
++	}
++	errno = -result;
++	return -1;
+     }
+     return prctl(pr_cmd, arg1, arg2, 0, 0, 0);
+ }
+@@ -145,7 +151,13 @@ static int _libcap_wprctl6(struct syscaller_s *sc,
+ 			   long int arg3, long int arg4, long int arg5)
+ {
+     if (_libcap_overrode_syscalls) {
+-	return sc->six(SYS_prctl, pr_cmd, arg1, arg2, arg3, arg4, arg5);
++	int result;
++	result = sc->six(SYS_prctl, pr_cmd, arg1, arg2, arg3, arg4, arg5);
++	if (result >= 0) {
++	    return result;
++	}
++	errno = -result;
++	return -1;
+     }
+     return prctl(pr_cmd, arg1, arg2, arg3, arg4, arg5);
+ }
+@@ -271,26 +283,12 @@ int capsetp(pid_t pid, cap_t cap_d)
+ 
+ int cap_get_bound(cap_value_t cap)
+ {
+-    int result;
+-
+-    result = prctl(PR_CAPBSET_READ, pr_arg(cap), pr_arg(0));
+-    if (result < 0) {
+-	errno = -result;
+-	return -1;
+-    }
+-    return result;
++    return prctl(PR_CAPBSET_READ, pr_arg(cap), pr_arg(0));
+ }
+ 
+ static int _cap_drop_bound(struct syscaller_s *sc, cap_value_t cap)
+ {
+-    int result;
+-
+-    result = _libcap_wprctl3(sc, PR_CAPBSET_DROP, pr_arg(cap), pr_arg(0));
+-    if (result < 0) {
+-	errno = -result;
+-	return -1;
+-    }
+-    return result;
++    return _libcap_wprctl3(sc, PR_CAPBSET_DROP, pr_arg(cap), pr_arg(0));
+ }
+ 
+ /* drop a capability from the bounding set */
+@@ -316,7 +314,7 @@ int cap_get_ambient(cap_value_t cap)
+ static int _cap_set_ambient(struct syscaller_s *sc,
+ 			    cap_value_t cap, cap_flag_value_t set)
+ {
+-    int result, val;
++    int val;
+     switch (set) {
+     case CAP_SET:
+ 	val = PR_CAP_AMBIENT_RAISE;
+@@ -328,13 +326,8 @@ static int _cap_set_ambient(struct syscaller_s *sc,
+ 	errno = EINVAL;
+ 	return -1;
+     }
+-    result = _libcap_wprctl6(sc, PR_CAP_AMBIENT, pr_arg(val), pr_arg(cap),
+-			     pr_arg(0), pr_arg(0), pr_arg(0));
+-    if (result < 0) {
+-	errno = -result;
+-	return -1;
+-    }
+-    return result;
++    return _libcap_wprctl6(sc, PR_CAP_AMBIENT, pr_arg(val), pr_arg(cap),
++			   pr_arg(0), pr_arg(0), pr_arg(0));
+ }
+ 
+ /*
+diff --git a/libcap/cap_test.c b/libcap/cap_test.c
+--- a/libcap/cap_test.c	2021-02-05 06:52:17.000000000 +0100
++++ b/libcap/cap_test.c	2022-05-16 18:24:55.754193142 +0200
+@@ -29,11 +29,36 @@
+     return failed;
+ }
+ 
++static int test_prctl(void)
++{
++    int ret, retval=0;
++    errno = 0;
++    ret = cap_get_bound((cap_value_t) -1);
++    if (ret != -1) {
++	printf("cap_get_bound(-1) did not return error: %d\n", ret);
++	retval = -1;
++    } else if (errno != EINVAL) {
++	perror("cap_get_bound(-1) errno != EINVAL");
++	retval = -1;
++    }
++    return retval;
++}
++
+ int main(int argc, char **argv) {
+     int result = 0;
++    printf("test_cap_bits: being called\n");
++    fflush(stdout);
+     result = test_cap_bits() | result;
++    printf("test_prctl: being called\n");
++    fflush(stdout);
++    result = test_prctl() | result;
++    printf("tested\n");
++    fflush(stdout);
++
+     if (result) {
+-	printf("test FAILED\n");
++	printf("cap_test FAILED\n");
+ 	exit(1);
+     }
++    printf("cap_test PASS\n");
++    exit(0);
+ }
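Review bot: The added test_prctl only calls cap_get_bound, which after this patch goes straight to prctl(), so the new error conversion in _libcap_wprctl3 and _libcap_wprctl6 (the `_libcap_overrode_syscalls` branch) is not exercised by any test in this patch. That branch does `errno = -result`, which is correct only if the overriding syscaller returns a negated errno; an override that follows the libc convention of returning -1 with errno already set would have errno rewritten to 1 (EPERM on Linux), and callers would misread the failure as a permission denial. The struct syscaller_s contract is not visible here, so I would record it at the conversion, e.g. `/* sc->three() returns -errno on failure, unlike prctl() */`, and add a test that runs one of the wrapped calls with an override installed. The result is also stored in an `int`; confirm that this matches the return type of sc->three and sc->six.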
diff --git a/SPECS/libcap.spec b/SPECS/libcap.spec
index 0b9e464..ec6587d 100644
--- a/SPECS/libcap.spec
+++ b/SPECS/libcap.spec
@@ -1,6 +1,6 @@
 Name: libcap
 Version: 2.48
-Release: 2%{?dist}
+Release: 4%{?dist}
 Summary: Library for getting and setting POSIX.1e capabilities
 URL: https://sites.google.com/site/fullycapable/
 License: BSD or GPLv2
@@ -11,6 +11,8 @@ Patch0: %{name}-2.48-buildflags.patch
 Patch1: %{name}-abi-compatibility.patch
 Patch2: %{name}-static-analysis.patch
 Patch3: %{name}-fix-ambient-caps.patch
+Patch4: %{name}-fix-prctl-usage.patch
+Patch5: %{name}-check-allocation.patch
 
 BuildRequires: libattr-devel pam-devel perl-interpreter
 BuildRequires: make
@@ -89,6 +91,14 @@ chmod +x %{buildroot}/%{_libdir}/*.so.*
 %{_libdir}/pkgconfig/libpsx.pc
 
 %changelog
+* Tue May 17 2022 Anderson Toshiyuki Sasaki <ansasaki@redhat.com> - 2.48-4
+- check for successful memory allocation
+  related: rhbz#2062648
+
+* Mon May 16 2022 Anderson Toshiyuki Sasaki <ansasaki@redhat.com> - 2.48-3
+- avoid overwriting errno set by prctl
+  resolves: rhbz#2062648
+
 * Fri Jan 28 2022 Zoltan Fridrich <zfridric@redhat.com> - 2.48-2
 - rebase to 2.48
   resolves: rhbz#2032813