diff --git a/SOURCES/bind99-CVE-2015-5477.patch b/SOURCES/bind99-CVE-2015-5477.patch
new file mode 100644
index 0000000..c3a6e29
--- /dev/null
+++ b/SOURCES/bind99-CVE-2015-5477.patch
@@ -0,0 +1,11 @@
+diff -up bind-9.9.4/lib/dns/tkey.c.CVE-2015-5477 bind-9.9.4/lib/dns/tkey.c
+--- bind-9.9.4/lib/dns/tkey.c.CVE-2015-5477	2015-07-27 22:36:02.318505839 +0200
++++ bind-9.9.4/lib/dns/tkey.c	2015-07-27 22:36:39.764698712 +0200
+@@ -650,6 +650,7 @@ dns_tkey_processquery(dns_message_t *msg
+ 		 * Try the answer section, since that's where Win2000
+ 		 * puts it.
+ 		 */
++		name = NULL;
+ 		if (dns_message_findname(msg, DNS_SECTION_ANSWER, qname,
+ 					 dns_rdatatype_tkey, 0, &name,
+ 					 &tkeyset) != ISC_R_SUCCESS) {
diff --git a/SPECS/bind.spec b/SPECS/bind.spec
index afe9d08..8f28afe 100644
--- a/SPECS/bind.spec
+++ b/SPECS/bind.spec
@@ -29,7 +29,7 @@ Summary:  The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
 Name:     bind
 License:  ISC
 Version:  9.9.4
-Release:  18%{?PATCHVER}%{?PREVER}%{?dist}.2
+Release:  18%{?PATCHVER}%{?PREVER}%{?dist}.3
 Epoch:    32
 Url:      http://www.isc.org/products/BIND/
 Buildroot:%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -99,6 +99,7 @@ Patch146:bind99-rh1098959.patch
 Patch147:bind99-CVE-2014-8500.patch
 Patch148:bind99-CVE-2015-1349.patch
 Patch149:bind99-CVE-2015-4620.patch
+Patch150:bind99-CVE-2015-5477.patch
 
 # SDB patches
 Patch11: bind-9.3.2b2-sdbsrc.patch
@@ -327,6 +328,7 @@ popd
 %patch147 -p1 -b .CVE-2014-8500
 %patch148 -p1 -b .CVE-2015-1349
 %patch149 -p1 -b .CVE-2015-4620
+%patch150 -p1 -b .CVE-2015-5477
 
 %if %{SDB}
 %patch101 -p1 -b .old-api
@@ -946,6 +948,9 @@ rm -rf ${RPM_BUILD_ROOT}
 %endif
 
 %changelog
+* Mon Jul 27 2015 Florian Weimer <fweimer@redhat.com> - 32:9.9.4-18.3
+- Fix CVE-2015-5477
+
 * Wed Jul 08 2015 Tomas Hozza <thozza@redhat.com> - 32:9.9.4-18.2
 - Fix CVE-2015-4620