diff --git a/SOURCES/net-snmp-5.7.2-key-leak-backport.patch b/SOURCES/net-snmp-5.7.2-key-leak-backport.patch
new file mode 100644
index 0000000..58fc6ce
--- /dev/null
+++ b/SOURCES/net-snmp-5.7.2-key-leak-backport.patch
@@ -0,0 +1,50 @@
+diff -urNp a/snmplib/keytools.c b/snmplib/keytools.c
+--- a/snmplib/keytools.c	2018-11-26 14:48:35.967812631 +0100
++++ b/snmplib/keytools.c	2018-11-26 15:21:14.758817675 +0100
+@@ -153,19 +153,21 @@ generate_Ku(const oid * hashtype, u_int
+     ctx = EVP_MD_CTX_create();
+ #else
+     ctx = malloc(sizeof(*ctx));
+-    EVP_MD_CTX_init(ctx);
++    if(!EVP_MD_CTX_init(ctx)){
++        QUITFUN(SNMPERR_GENERR, generate_Ku_quit);
++    }
+ #endif
+ #ifndef NETSNMP_DISABLE_MD5
+     if (ISTRANSFORM(hashtype, HMACMD5Auth)) {
+         if (!EVP_DigestInit(ctx, EVP_md5()))
+             /* MD5 not supported */
+-            return SNMPERR_GENERR;
++            QUITFUN(SNMPERR_GENERR, generate_Ku_quit);
+     } else
+ #endif
+         if (ISTRANSFORM(hashtype, HMACSHA1Auth)) {
+             if (!EVP_DigestInit(ctx, EVP_sha1()))
+                 /* SHA1 not supported */
+-                return SNMPERR_GENERR;
++                QUITFUN(SNMPERR_GENERR, generate_Ku_quit);
+         } else {
+             QUITFUN(SNMPERR_GENERR, generate_Ku_quit);
+         }
+diff -urNp a/snmplib/scapi.c b/snmplib/scapi.c
+--- a/snmplib/scapi.c	2018-11-26 14:48:35.967812631 +0100
++++ b/snmplib/scapi.c	2018-11-26 15:12:19.296751273 +0100
+@@ -498,7 +498,8 @@ sc_hash(const oid * hashtype, size_t has
+ #endif
+     if (!EVP_DigestInit(cptr, hashfn)) {
+         /* requested hash function is not available */
+-        return SNMPERR_SC_NOT_CONFIGURED;
++        rval = SNMPERR_SC_NOT_CONFIGURED;
++	goto sc_hash_type_quit;
+     }
+ 
+ /** pass the data */
+@@ -507,6 +508,8 @@ sc_hash(const oid * hashtype, size_t has
+ /** do the final pass */
+     EVP_DigestFinal(cptr, MAC, &tmp_len);
+     *MAC_len = tmp_len;
++
++sc_hash_type_quit:
+ #ifdef HAVE_EVP_MD_CTX_DESTROY
+     EVP_MD_CTX_destroy(cptr);
+ #else
diff --git a/SOURCES/net-snmp-5.7.2-null-magic.patch b/SOURCES/net-snmp-5.7.2-null-magic.patch
new file mode 100644
index 0000000..c8c188e
--- /dev/null
+++ b/SOURCES/net-snmp-5.7.2-null-magic.patch
@@ -0,0 +1,23 @@
+diff -urNp e/snmplib/snmp_api.c f/snmplib/snmp_api.c
+--- e/snmplib/snmp_api.c	2019-04-17 15:16:22.664807192 +0200
++++ f/snmplib/snmp_api.c	2019-04-17 15:18:09.162767964 +0200
+@@ -5362,13 +5362,17 @@ _sess_process_packet(void *sessp, netsnm
+ 	      break;
+ 	    } else {
+ 	      /* We're done with retries, so no longer waiting for a response */
+-	      ((struct synch_state*)magic)->waiting = 0;
++	      if (magic) {
++	       ((struct synch_state*)magic)->waiting = 0;
++	      }
+ 	    }
+ 	  } else {
+ 	    if (SNMPV3_IGNORE_UNAUTH_REPORTS) {
+ 	      break;
+ 	    } else { /* Set the state to no longer be waiting, since we're done with retries */
+-	      ((struct synch_state*)magic)->waiting = 0;
++	      if (magic) {
++	       ((struct synch_state*)magic)->waiting = 0;
++	      }
+ 	    }
+ 	  }
+ 
diff --git a/SOURCES/net-snmp-5.7.2-v3-forward.patch b/SOURCES/net-snmp-5.7.2-v3-forward.patch
new file mode 100644
index 0000000..c23d4e8
--- /dev/null
+++ b/SOURCES/net-snmp-5.7.2-v3-forward.patch
@@ -0,0 +1,12 @@
+diff -urNp N/snmplib/snmpusm.c M/snmplib/snmpusm.c
+--- N/snmplib/snmpusm.c	2019-03-04 13:02:27.989775985 +0100
++++ M/snmplib/snmpusm.c	2019-03-04 14:16:50.977619867 +0100
+@@ -1842,7 +1842,7 @@ usm_rgenerate_out_msg(int msgProcModel,
+     /*
+      * endif -- create keyed hash 
+      */
+-    usm_free_usmStateReference(secStateRef);
++//    usm_free_usmStateReference(secStateRef);
+     DEBUGMSGTL(("usm", "USM processing completed.\n"));
+     return SNMPERR_SUCCESS;
+ }                               /* end usm_rgenerate_out_msg() */
diff --git a/SPECS/net-snmp.spec b/SPECS/net-snmp.spec
index 95ecc4b..0122eef 100644
--- a/SPECS/net-snmp.spec
+++ b/SPECS/net-snmp.spec
@@ -11,7 +11,7 @@
 Summary: A collection of SNMP protocol tools and libraries
 Name: net-snmp
 Version: 5.7.2
-Release: 37%{?dist}
+Release: 38%{?dist}.2
 Epoch: 1
 
 License: BSD
@@ -106,6 +106,9 @@ Patch70: net-snmp-5.7.2-acfs.patch
 Patch71: net-snmp-5.7.2-fsync.patch
 Patch72: net-snmp-5.7.2-zfs-support.patch
 Patch73: net-snmp-5.7.2-man-page.patch
+Patch74: net-snmp-5.7.2-key-leak-backport.patch
+Patch75: net-snmp-5.7.2-null-magic.patch
+Patch76: net-snmp-5.7.2-v3-forward.patch
 
 Requires(post): chkconfig
 Requires(preun): chkconfig
@@ -332,6 +335,9 @@ The net-snmp-sysvinit package provides SysV init scripts for Net-SNMP daemons.
 %patch71 -p1 -b .fsync
 %patch72 -p1 -b .zfs-support
 %patch73 -p1 -b .man-page
+%patch74 -p1 -b .key-bakcport
+%patch75 -p1 -b .null-magic
+%patch76 -p1 -b .v3-forward
 
 %ifarch sparc64 s390 s390x
 # disable failing test - see https://bugzilla.redhat.com/show_bug.cgi?id=680697
@@ -627,6 +633,15 @@ rm -rf ${RPM_BUILD_ROOT}
 %{_initrddir}/snmptrapd
 
 %changelog
+* Mon May 13 2019 Josef Ridky <jridky@redhat.com> - 1:5.7.2-38.2
+- fix trapd crash when forward snmp v3 traps (#1709111)
+
+* Thu Apr 18 2019 Josef Ridky <jridky@redhat.com> - 1:5.7.2-38.1
+- secure magic variable to prevent daemon crash (#1701211)
+
+* Mon Nov 26 2018 Josef Ridky <jridky@redhat.com> - 1:5.7.2-38
+- backport upstream fixes of memory leaks (#1650393)
+
 * Thu Sep 06 2018 Josef Ridky <jridky@redhat.com> - 1:5.7.2-37
 - fix fsync issue (#1520761)