diff --git a/.passt.checksum b/.passt.checksum
index 8598be5ad1d1ccbb24eec1ca3f7f16524465f748..70df54d1a2c9b17385ca8e10431cf4207f80274c 100644
--- a/.passt.checksum
+++ b/.passt.checksum
@@ -1 +1 @@
-9a420fce64dd5d55bd6b30ef4c781c8caaeda7f2148d14b318c356dab767bb94
+642dfeadac92b3a81224c3ae9289642354e260a341101d546cd60666753351a0
diff --git a/.passt.metadata b/.passt.metadata
index 173238903b1398a54c8dcd55243f4ec4bcc0fe60..9560aa5485c2be844bd11f40d2ca1f3eb962d5e9 100644
--- a/.passt.metadata
+++ b/.passt.metadata
@@ -1 +1 @@
-b8748957d3ea8a09145438087e2527cc687e188c6df6010cab80b4b58cd6601d SOURCES/passt-b86afe3559c0bd3d24bc6fed7c60466cf141224c.tar.xz
+ffcbfc459a689acd3086b9be20f4d8413c2c03bb94343901ece22ac19d6f559e SOURCES/passt-ee36266a55478672ad2c5f4efbd6ca0bef3d37cd.tar.xz
diff --git a/SOURCES/0002-flow-Don-t-crash-if-guest-attempts-to-connect-to-por.patch b/SOURCES/0002-flow-Don-t-crash-if-guest-attempts-to-connect-to-por.patch
new file mode 100644
index 0000000000000000000000000000000000000000..00692fa6951302865349956bbcc9bbd54c2507b1
--- /dev/null
+++ b/SOURCES/0002-flow-Don-t-crash-if-guest-attempts-to-connect-to-por.patch
@@ -0,0 +1,64 @@
+From 002b2a23380d4df552bac7665d462ac4c7bced0b Mon Sep 17 00:00:00 2001
+From: David Gibson <david@gibson.dropbear.id.au>
+Date: Wed, 14 Aug 2024 20:03:33 +1000
+Subject: [PATCH] flow: Don't crash if guest attempts to connect to port 0
+
+Using a zero port on TCP or UDP is dubious, and we can't really deal with
+forwarding such a flow within the constraints of the socket API.  Hence
+we ASSERT()ed that we had non-zero ports in flow_hash().
+
+The intention was to make sure that the protocol code sanitizes such ports
+before completing a flow entry.  Unfortunately, flow_hash() is also called
+on new packets to see if they have an existing flow, so the unsanitized
+guest packet can crash passt with the assert.
+
+Correct this by moving the assert from flow_hash() to flow_sidx_hash()
+which is only used on entries already in the table, not on unsanitized
+data.
+
+Reported-by: Matt Hamilton <matt@thmail.io>
+Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
+Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
+---
+ flow.c | 18 ++++++++++--------
+ 1 file changed, 10 insertions(+), 8 deletions(-)
+
+diff --git a/flow.c b/flow.c
+index 687e9fd..93b687d 100644
+--- a/flow.c
++++ b/flow.c
+@@ -561,12 +561,6 @@ static uint64_t flow_hash(const struct ctx *c, uint8_t proto, uint8_t pif,
+ {
+ 	struct siphash_state state = SIPHASH_INIT(c->hash_secret);
+ 
+-	/* For the hash table to work, we need complete endpoint information,
+-	 * and at least a forwarding port.
+-	 */
+-	ASSERT(pif != PIF_NONE && !inany_is_unspecified(&side->eaddr) &&
+-	       side->eport != 0 && side->fport != 0);
+-
+ 	inany_siphash_feed(&state, &side->faddr);
+ 	inany_siphash_feed(&state, &side->eaddr);
+ 
+@@ -586,8 +580,16 @@ static uint64_t flow_hash(const struct ctx *c, uint8_t proto, uint8_t pif,
+ static uint64_t flow_sidx_hash(const struct ctx *c, flow_sidx_t sidx)
+ {
+ 	const struct flow_common *f = &flow_at_sidx(sidx)->f;
+-	return flow_hash(c, FLOW_PROTO(f),
+-			 f->pif[sidx.sidei], &f->side[sidx.sidei]);
++	const struct flowside *side = &f->side[sidx.sidei];
++	uint8_t pif = f->pif[sidx.sidei];
++
++	/* For the hash table to work, entries must have complete endpoint
++	 * information, and at least a forwarding port.
++	 */
++	ASSERT(pif != PIF_NONE && !inany_is_unspecified(&side->eaddr) &&
++	       side->eport != 0 && side->fport != 0);
++
++	return flow_hash(c, FLOW_PROTO(f), pif, side);
+ }
+ 
+ /**
+-- 
+2.43.0
+
diff --git a/SPECS/passt.spec b/SPECS/passt.spec
index b6b9eb883c5ea3ed75f8176d6450833ba578a3fc..6b9e6f51e89a66a02d82dfc1003f8eed90567b11 100644
--- a/SPECS/passt.spec
+++ b/SPECS/passt.spec
@@ -7,19 +7,20 @@
 # Copyright (c) 2022 Red Hat GmbH
 # Author: Stefano Brivio <sbrivio@redhat.com>
 
-%global git_hash b86afe3559c0bd3d24bc6fed7c60466cf141224c
+%global git_hash ee36266a55478672ad2c5f4efbd6ca0bef3d37cd
 %global selinuxtype targeted
 
 Name:		passt
-Version:	0^20231204.gb86afe3
-Release:	1%{?dist}
+Version:	0^20240806.gee36266
+Release:	2%{?dist}
 Summary:	User-mode networking daemons for virtual machines and namespaces
-License:	GPLv2+ and BSD
+License:	GPL-2.0-or-later AND BSD-3-Clause
 Group:		System Environment/Daemons
 URL:		https://passt.top/
 Source:		https://passt.top/passt/snapshot/passt-%{git_hash}.tar.xz
 
 Patch1:		0001-selinux-Drop-user_namespace-create-allow-rules.patch
+Patch2:		0002-flow-Don-t-crash-if-guest-attempts-to-connect-to-por.patch
 
 BuildRequires:	gcc, make, git, checkpolicy, selinux-policy-devel
 Requires:	(%{name}-selinux = %{version}-%{release} if selinux-policy-%{selinuxtype})
@@ -126,6 +127,21 @@ fi
 %{_datadir}/selinux/packages/%{selinuxtype}/pasta.pp
 
 %changelog
+* Wed Aug 14 2024 Stefano Brivio <sbrivio@redhat.com> - 0^20240806-gee36266-2
+- Resolves: RHEL-54268
+
+* Wed Aug  7 2024 Stefano Brivio <sbrivio@redhat.com> - 0^20240806.gee36266-1
+- Resolves: RHEL-53189
+
+* Fri Aug  2 2024 Stefano Brivio <sbrivio@redhat.com> - 0^20240726.g57a21d2-1
+- Resolves: RHEL-52638
+
+* Mon Jun 24 2024 Stefano Brivio <sbrivio@redhat.com> - 0^20240624.g1ee2eca-1
+- Resolves: RHEL-44837
+
+* Wed May 22 2024 Stefano Brivio <sbrivio@redhat.com> - 0^20240510.g7288448-1
+- Resolves: RHEL-37647
+
 * Fri Dec 15 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20231204.gb86afe3-1
 - Resolves: RHEL-19590