diff --git a/SOURCES/glibc-rh1927877.patch b/SOURCES/glibc-rh1927877.patch
new file mode 100644
index 0000000..d842710
--- /dev/null
+++ b/SOURCES/glibc-rh1927877.patch
@@ -0,0 +1,39 @@
+commit dca565886b5e8bd7966e15f0ca42ee5cff686673
+Author: DJ Delorie <dj@redhat.com>
+Date:   Thu Feb 25 16:08:21 2021 -0500
+
+    nscd: Fix double free in netgroupcache [BZ #27462]
+    
+    In commit 745664bd798ec8fd50438605948eea594179fba1 a use-after-free
+    was fixed, but this led to an occasional double-free.  This patch
+    tracks the "live" allocation better.
+    
+    Tested manually by a third party.
+    
+    Related: RHBZ 1927877
+    
+    Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
+    Reviewed-by: Carlos O'Donell <carlos@redhat.com>
+
+diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c
+index f521df824102bbca..5ee4413ef9384ec9 100644
+--- a/nscd/netgroupcache.c
++++ b/nscd/netgroupcache.c
+@@ -248,7 +248,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
+ 					     : NULL);
+ 				    ndomain = (ndomain ? newbuf + ndomaindiff
+ 					       : NULL);
+-				    buffer = newbuf;
++				    *tofreep = buffer = newbuf;
+ 				  }
+ 
+ 				nhost = memcpy (buffer + bufused,
+@@ -319,7 +319,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
+ 		    else if (status == NSS_STATUS_TRYAGAIN && e == ERANGE)
+ 		      {
+ 			buflen *= 2;
+-			buffer = xrealloc (buffer, buflen);
++			*tofreep = buffer = xrealloc (buffer, buflen);
+ 		      }
+ 		    else if (status == NSS_STATUS_RETURN
+ 			     || status == NSS_STATUS_NOTFOUND
diff --git a/SPECS/glibc.spec b/SPECS/glibc.spec
index 9e50f8e..2624e04 100644
--- a/SPECS/glibc.spec
+++ b/SPECS/glibc.spec
@@ -1,6 +1,6 @@
 %define glibcsrcdir glibc-2.28
 %define glibcversion 2.28
-%define glibcrelease 154%{?dist}
+%define glibcrelease 155%{?dist}
 # Pre-release tarballs are pulled in from git using a command that is
 # effectively:
 #
@@ -696,6 +696,7 @@ Patch559: glibc-rh1912670-4.patch
 Patch560: glibc-rh1912670-5.patch
 Patch561: glibc-rh1930302-1.patch
 Patch562: glibc-rh1930302-2.patch
+Patch563: glibc-rh1927877.patch
 
 ##############################################################################
 # Continued list of core "glibc" package information:
@@ -2607,6 +2608,9 @@ fi
 %files -f compat-libpthread-nonshared.filelist -n compat-libpthread-nonshared
 
 %changelog
+* Wed Mar 24 2021 Arjun Shankar <arjun@redhat.com> - 2.28-155
+- CVE-2021-27645: nscd: Fix double free in netgroupcache (#1927877)
+
 * Thu Mar 18 2021 Carlos O'Donell <carlos@redhat.com> - 2.28-154
 - Add IPPROTO_ETHERNET, IPPROTO_MPTCP, and INADDR_ALLSNOOPERS_GROUP defines
   (#1930302)