diff --git a/SOURCES/net-snmp-5.8-certs.patch b/SOURCES/net-snmp-5.8-certs.patch
new file mode 100644
index 0000000..c4f8393
--- /dev/null
+++ b/SOURCES/net-snmp-5.8-certs.patch
@@ -0,0 +1,12 @@
+diff -urNp a/local/net-snmp-cert b/local/net-snmp-cert
+--- a/local/net-snmp-cert	2021-10-11 09:08:53.451970484 +0200
++++ b/local/net-snmp-cert	2021-10-11 09:11:36.765386413 +0200
+@@ -1002,7 +1002,7 @@ sub make_openssl_conf {
+ rdir            = .
+ dir		= $ENV::DIR
+ RANDFILE	= $rdir/.rand
+-MD		= sha1
++MD		= sha512
+ KSIZE		= 2048
+ CN		= net-snmp.org
+ EMAIL		= admin@net-snmp.org
diff --git a/SOURCES/net-snmp-5.8-deleted-iface.patch b/SOURCES/net-snmp-5.8-deleted-iface.patch
new file mode 100644
index 0000000..166bf66
--- /dev/null
+++ b/SOURCES/net-snmp-5.8-deleted-iface.patch
@@ -0,0 +1,41 @@
+diff -up net-snmp-5.8/agent/mibgroup/if-mib/data_access/interface_linux.c.original net-snmp-5.8/agent/mibgroup/if-mib/data_access/interface_linux.c
+--- net-snmp-5.8/agent/mibgroup/if-mib/data_access/interface_linux.c.original	2022-02-02 15:06:29.382119898 +0900
++++ net-snmp-5.8/agent/mibgroup/if-mib/data_access/interface_linux.c	2022-02-02 15:15:39.298280447 +0900
+@@ -600,7 +600,6 @@ netsnmp_arch_interface_container_load(ne
+ {
+     FILE           *devin;
+     char            line[256];
+-    netsnmp_interface_entry *entry = NULL;
+     static char     scan_expected = 0;
+     int             fd;
+ #ifdef NETSNMP_ENABLE_IPV6
+@@ -669,6 +668,7 @@ netsnmp_arch_interface_container_load(ne
+      *   and retrieve (or create) the corresponding data structure.
+      */
+     while (fgets(line, sizeof(line), devin)) {
++        netsnmp_interface_entry *entry = NULL;
+         char           *stats, *ifstart = line;
+         u_int           flags;
+         oid             if_index;
+@@ -701,6 +701,11 @@ netsnmp_arch_interface_container_load(ne
+         *stats++ = 0; /* null terminate name */
+ 
+         if_index = netsnmp_arch_interface_index_find(ifstart);
++        if (if_index == 0) {
++            DEBUGMSGTL(("access:interface", "network interface %s is gone",
++                        ifstart));
++            continue;
++        }
+ 
+         /*
+          * set address type flags.
+@@ -726,7 +731,7 @@ netsnmp_arch_interface_container_load(ne
+             continue;
+         }
+ 
+-        entry = netsnmp_access_interface_entry_create(ifstart, 0);
++        entry = netsnmp_access_interface_entry_create(ifstart, if_index);
+         if(NULL == entry) {
+ #ifdef NETSNMP_ENABLE_IPV6
+             netsnmp_access_ipaddress_container_free(addr_container, 0);
+
diff --git a/SOURCES/net-snmp-5.8-util-fix.patch b/SOURCES/net-snmp-5.8-util-fix.patch
new file mode 100644
index 0000000..3b73b45
--- /dev/null
+++ b/SOURCES/net-snmp-5.8-util-fix.patch
@@ -0,0 +1,13 @@
+diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
+--- a/snmplib/cert_util.c	2021-12-09 08:45:23.217942229 +0100
++++ b/snmplib/cert_util.c	2021-12-09 08:46:56.567562352 +0100
+@@ -1368,8 +1368,7 @@ _add_certfile(const char* dirname, const
+ 
+            okey = PEM_read_bio_PrivateKey(certbio, NULL, NULL, NULL);
+            if (NULL == okey)
+-               snmp_log(LOG_ERR, "error parsing key file %s\n",
+-                     key->info.filename);
++               snmp_log(LOG_ERR, "error parsing key file %s\n", filename);
+            else {
+                key = _add_key(okey, dirname, filename, index);
+                if (NULL == key) {
diff --git a/SPECS/net-snmp.spec b/SPECS/net-snmp.spec
index 6d8cbda..e0dfd5a 100644
--- a/SPECS/net-snmp.spec
+++ b/SPECS/net-snmp.spec
@@ -10,7 +10,7 @@
 Summary:    A collection of SNMP protocol tools and libraries
 Name:       net-snmp
 Version:    5.8
-Release:    22%{?dist}
+Release:    25%{?dist}
 Epoch:      1
 
 License:    BSD
@@ -68,6 +68,9 @@ Patch39:    net-snmp-5.8-broken-errmsg.patch
 Patch40:    net-snmp-5.8-intermediate-certs.patch
 Patch41:    net-snmp-5.8-fix-cert-crash.patch
 Patch42:    net-snmp-5.8-engine-id.patch
+Patch43:    net-snmp-5.8-certs.patch
+Patch44:    net-snmp-5.8-util-fix.patch
+Patch45:    net-snmp-5.8-deleted-iface.patch
 
 # Modern RPM API means at least EL6
 Patch101:   net-snmp-5.8-modern-rpm-api.patch
@@ -235,6 +238,9 @@ rm -r python
 %patch40 -p1 -b .intermediate-certs
 %patch41 -p1 -b .fix-cert-crash
 %patch42 -p1 -b .engine-id
+%patch43 -p1 -b .certs
+%patch44 -p1 -b .utils
+%patch45 -p1 -b .ifaces
 
 %patch101 -p1 -b .modern-rpm-api
 
@@ -489,6 +495,15 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test
 %{_libdir}/libnetsnmptrapd*.so.%{soname}*
 
 %changelog
+* Mon Feb 21 2022 Josef Ridky <jridky@redhat.com> - 1:5.8-25
+- fix segfault with error on subcontainer (#2051370)
+
+* Thu Dec 09 2021 Josef Ridky <jridky@redhat.com> - 1:5.8-24
+- fix dereferencing null pointer (#2021403)
+
+* Mon Oct 11 2021 Josef Ridky <jridky@redhat.com> - 1:5.8-23
+- net-snmp-cert gencert create SHA512 (#1908331)
+
 * Mon Jun 28 2021 Josef Ridky <jridky@redhat.com> - 1:5.8-22
 - update engineTime when sending traps (#1973252)