diff --git a/SOURCES/gnutls-3.1.18-fix-crash-on-certain-names.patch b/SOURCES/gnutls-3.1.18-fix-crash-on-certain-names.patch
new file mode 100644
index 0000000..6bd51db
--- /dev/null
+++ b/SOURCES/gnutls-3.1.18-fix-crash-on-certain-names.patch
@@ -0,0 +1,35 @@
+From d3648ebb04b650e6d20a2ec1fb839256b30b9fc6 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+Date: Sun, 26 Jan 2014 20:03:50 +0100
+Subject: [PATCH] fixed null pointer derefence when printing a name and an LDAP
+ description isn't present for the OID
+
+Conflicts:
+	lib/x509/common.c
+---
+ lib/x509/common.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/lib/x509/common.c b/lib/x509/common.c
+index 59b7e93..f761b25 100644
+--- a/lib/x509/common.c
++++ b/lib/x509/common.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (C) 2003-2012 Free Software Foundation, Inc.
++ * Copyright (C) 2003-2014 Free Software Foundation, Inc.
+  *
+  * Author: Nikos Mavrogiannopoulos
+  *
+@@ -242,7 +242,7 @@ gnutls_x509_dn_oid_name (const char *oid, unsigned int flags)
+ 
+   do
+     {
+-      if (strcmp (_oid2str[i].oid, oid) == 0)
++      if (strcmp (_oid2str[i].oid, oid) == 0 && _oid2str[i].ldap_desc != NULL)
+         return _oid2str[i].ldap_desc;
+       i++;
+     }
+-- 
+1.9.0
+
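Review bot: The embedded patch changes only lib/x509/common.c (its diffstat shows one file), so nothing exercises the case it fixes; a regression test that prints a DN containing an attribute whose `_oid2str` entry has no `ldap_desc` would keep the crash from returning. On the changed condition in gnutls_x509_dn_oid_name, a matching entry with a NULL description no longer returns, and the loop keeps scanning the rest of the table, which reads as an accident unless explained. I would add `/* no LDAP description for this OID: fall through to the return after the loop */` above the `if`. The code after the loop is outside the hunk, so callers that print the result should be checked to tolerate whatever that fallback returns, which may be NULL.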
diff --git a/SOURCES/gnutls-3.1.18-server-hello-fix.patch b/SOURCES/gnutls-3.1.18-server-hello-fix.patch
new file mode 100644
index 0000000..e9721a7
--- /dev/null
+++ b/SOURCES/gnutls-3.1.18-server-hello-fix.patch
@@ -0,0 +1,12 @@
+diff -ur gnutls-3.1.18.orig/lib/gnutls_handshake.c gnutls-3.1.18/lib/gnutls_handshake.c
+--- gnutls-3.1.18.orig/lib/gnutls_handshake.c	2013-11-15 18:10:53.000000000 +0100
++++ gnutls-3.1.18/lib/gnutls_handshake.c	2014-05-28 13:43:50.922689540 +0200
+@@ -1679,7 +1679,7 @@
+   DECR_LEN (len, 1);
+   session_id_len = data[pos++];
+ 
+-  if (len < session_id_len)
++  if (len < session_id_len || session_id_len > TLS_MAX_SESSION_ID_SIZE)
+     {
+       gnutls_assert ();
+       return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
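Review bot: The oversize case on the changed `if` reuses the existing branch, so a session ID length above TLS_MAX_SESSION_ID_SIZE is reported as GNUTLS_E_UNSUPPORTED_VERSION_PACKET, which points anyone reading the error at version negotiation instead of a malformed length field. `session_id_len` is taken directly from the peer's packet (`data[pos++]`), so this is a bound on untrusted input, presumably ahead of a copy into a fixed-size session ID buffer further down, outside the hunk. A comment such as `/* peer-controlled length: must fit the session ID buffer */` would record why the second test exists. If diverging from upstream is acceptable, the oversize case could get its own branch returning `GNUTLS_E_UNEXPECTED_PACKET_LENGTH`. The patch file also carries no header; a line naming its origin and the bug it addresses (#1102027 per the spec changelog) would help on later rebases.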
diff --git a/SPECS/gnutls.spec b/SPECS/gnutls.spec
index 4505bb1..5ecc573 100644
--- a/SPECS/gnutls.spec
+++ b/SPECS/gnutls.spec
@@ -3,7 +3,7 @@
 Summary: A TLS protocol implementation
 Name: gnutls
 Version: 3.1.18
-Release: 8%{?dist}
+Release: 9%{?dist}
 # The libraries are LGPLv2.1+, utilities are GPLv3+, however
 # the bundled gnulib is LGPLv3+
 License: GPLv3+ and LGPLv2+ and LGPLv3+
@@ -38,6 +38,8 @@ Patch8: gnutls-3.1.11-nosrp.patch
 Patch9: gnutls-3.1.10-tests-rndport.patch
 Patch10: gnutls-3.1.18-suiteb.patch
 Patch11: gnutls-3.1.18-cve-2014-0092.patch
+Patch12: gnutls-3.1.18-server-hello-fix.patch
+Patch13: gnutls-3.1.18-fix-crash-on-certain-names.patch
 
 # Wildcard bundling exception https://fedorahosted.org/fpc/ticket/174
 Provides: bundled(gnulib) = 20130424
@@ -147,6 +149,8 @@ This package contains Guile bindings for the library.
 %patch9 -p1 -b .rndport
 %patch10 -p1 -b .suiteb
 %patch11 -p1 -b .cve-2014-0092
+%patch12 -p1 -b .server-hello-fix
+%patch13 -p1 -b .fix-crash-on-certain-names
 
 %{SOURCE2} -e
 
@@ -281,6 +285,10 @@ fi
 %endif
 
 %changelog
+* Wed May 28 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.1.18-9
+- fix session ID length check (#1102027)
+- fixes null pointer dereference (#1101727)
+
 * Tue Feb 25 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.1.18-8
 - fixes CVE-2014-0092 (#1071815)