diff --git a/SOURCES/apr-1.4.8-r1561395.patch b/SOURCES/apr-1.4.8-r1561395.patch
new file mode 100644
index 0000000..2c2bedc
--- /dev/null
+++ b/SOURCES/apr-1.4.8-r1561395.patch
@@ -0,0 +1,51 @@
+
+https://svn.apache.org/viewvc?view=revision&revision=1561395
+
+--- apr-1.4.8/shmem/unix/shm.c.r1561395
++++ apr-1.4.8/shmem/unix/shm.c
+@@ -20,6 +20,18 @@
+ #include "apr_errno.h"
+ #include "apr_user.h"
+ #include "apr_strings.h"
++#include "apr_hash.h"
++
++#if APR_USE_SHMEM_SHMGET
++static key_t our_ftok(const char *filename)
++{
++    /* to help avoid collisions while still using
++     * an easily recreated proj_id */
++    apr_ssize_t slen = strlen(filename);
++    return ftok(filename,
++                (int)apr_hashfunc_default(filename, &slen));
++}
++#endif
+ 
+ static apr_status_t shm_cleanup_owner(void *m_)
+ {
+@@ -312,7 +324,7 @@
+ 
+         /* ftok() (on solaris at least) requires that the file actually
+          * exist before calling ftok(). */
+-        shmkey = ftok(filename, 1);
++        shmkey = our_ftok(filename);
+         if (shmkey == (key_t)-1) {
+             return errno;
+         }
+@@ -386,7 +398,7 @@
+ 
+     /* ftok() (on solaris at least) requires that the file actually
+      * exist before calling ftok(). */
+-    shmkey = ftok(filename, 1);
++    shmkey = our_ftok(filename);
+     if (shmkey == (key_t)-1) {
+         goto shm_remove_failed;
+     }
+@@ -540,7 +552,7 @@
+ 
+         new_m->filename = apr_pstrdup(pool, filename);
+         new_m->pool = pool;
+-        shmkey = ftok(filename, 1);
++        shmkey = our_ftok(filename);
+         if (shmkey == (key_t)-1) {
+             return errno;
+         }
diff --git a/SPECS/apr.spec b/SPECS/apr.spec
index e4380ee..06c9023 100644
--- a/SPECS/apr.spec
+++ b/SPECS/apr.spec
@@ -6,7 +6,7 @@
 Summary: Apache Portable Runtime library
 Name: apr
 Version: 1.4.8
-Release: 3%{?dist}.1
+Release: 5%{?dist}
 # ASL 2.0: everything
 # ISC: network_io/apr-1.4.6/network_io/unix/inet_?to?.c
 # BSD with advertising: strings/apr_snprintf.c, strings/apr_fnmatch.c,
@@ -21,8 +21,9 @@ Source1: apr-wrapper.h
 Patch2: apr-1.2.2-locktimeout.patch
 Patch3: apr-1.2.2-libdir.patch
 Patch4: apr-1.2.7-pkgconf.patch
-
-#Security patches
+# https://bugzilla.redhat.com/show_bug.cgi?id=1656482
+Patch5: apr-1.4.8-r1561395.patch
+#security patches
 Patch10: apr-1.4.8-CVE-2017-12613.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
 BuildRequires: autoconf, libtool, libuuid-devel, python
@@ -52,10 +53,10 @@ C data structures and routines.
 %patch2 -p1 -b .locktimeout
 %patch3 -p1 -b .libdir
 %patch4 -p1 -b .pkgconf
+%patch5 -p1 -b .r1561395
 
 # https://bugzilla.redhat.com/show_bug.cgi?id=1506523
 %patch10 -p1 -b .CVE-2017-12613
-
 %build
 # regenerate configure script etc.
 ./buildconf
@@ -135,9 +136,12 @@ rm -rf $RPM_BUILD_ROOT
 %{_datadir}/aclocal/*.m4
 
 %changelog
-* Mon Oct 30 2017 Luboš Uhliarik <luhliari@redhat.com> - 1.4.8-3.1
-- Resolves: #1507349 - CVE-2017-12613 apr: Out-of-bounds array deref
-  in apr_time_exp*() functions
+* Thu Mar 21 2019 Joe Orton <jorton@redhat.com> - 1.4.8-5
+- improve key generation for name-based apr_shm_create() (r1561395, #1656482)
+
+* Mon Oct 30 2017 Luboš Uhliarik <luhliari@redhat.com> - 1.4.8-4
+- Resolves: #1507348 - CVE-2017-12613 apr: Out-of-bounds array
+  deref in apr_time_exp*() functions
 
 * Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 1.4.8-3
 - Mass rebuild 2014-01-24