diff --git a/SOURCES/libtirpc-0.2.4-CVE-2017-8779.patch b/SOURCES/libtirpc-0.2.4-CVE-2017-8779.patch
new file mode 100644
index 0000000..91b6157
--- /dev/null
+++ b/SOURCES/libtirpc-0.2.4-CVE-2017-8779.patch
@@ -0,0 +1,251 @@
+diff -up libtirpc-0.2.4/src/rpcb_prot.c.orig libtirpc-0.2.4/src/rpcb_prot.c
+--- libtirpc-0.2.4/src/rpcb_prot.c.orig	2013-12-09 15:59:51.000000000 -0500
++++ libtirpc-0.2.4/src/rpcb_prot.c	2017-05-17 13:05:47.562168877 -0400
+@@ -41,6 +41,7 @@
+ #include <rpc/types.h>
+ #include <rpc/xdr.h>
+ #include <rpc/rpcb_prot.h>
++#include "rpc_com.h"
+ 
+ bool_t
+ xdr_rpcb(xdrs, objp)
+@@ -53,13 +54,13 @@ xdr_rpcb(xdrs, objp)
+ 	if (!xdr_u_int32_t(xdrs, &objp->r_vers)) {
+ 		return (FALSE);
+ 	}
+-	if (!xdr_string(xdrs, &objp->r_netid, (u_int)~0)) {
++	if (!xdr_string(xdrs, &objp->r_netid, RPC_MAXDATASIZE)) {
+ 		return (FALSE);
+ 	}
+-	if (!xdr_string(xdrs, &objp->r_addr, (u_int)~0)) {
++	if (!xdr_string(xdrs, &objp->r_addr, RPC_MAXDATASIZE)) {
+ 		return (FALSE);
+ 	}
+-	if (!xdr_string(xdrs, &objp->r_owner, (u_int)~0)) {
++	if (!xdr_string(xdrs, &objp->r_owner, RPC_MAXDATASIZE)) {
+ 		return (FALSE);
+ 	}
+ 	return (TRUE);
+@@ -159,19 +160,19 @@ xdr_rpcb_entry(xdrs, objp)
+ 	XDR *xdrs;
+ 	rpcb_entry *objp;
+ {
+-	if (!xdr_string(xdrs, &objp->r_maddr, (u_int)~0)) {
++	if (!xdr_string(xdrs, &objp->r_maddr, RPC_MAXDATASIZE)) {
+ 		return (FALSE);
+ 	}
+-	if (!xdr_string(xdrs, &objp->r_nc_netid, (u_int)~0)) {
++	if (!xdr_string(xdrs, &objp->r_nc_netid, RPC_MAXDATASIZE)) {
+ 		return (FALSE);
+ 	}
+ 	if (!xdr_u_int32_t(xdrs, &objp->r_nc_semantics)) {
+ 		return (FALSE);
+ 	}
+-	if (!xdr_string(xdrs, &objp->r_nc_protofmly, (u_int)~0)) {
++	if (!xdr_string(xdrs, &objp->r_nc_protofmly, RPC_MAXDATASIZE)) {
+ 		return (FALSE);
+ 	}
+-	if (!xdr_string(xdrs, &objp->r_nc_proto, (u_int)~0)) {
++	if (!xdr_string(xdrs, &objp->r_nc_proto, RPC_MAXDATASIZE)) {
+ 		return (FALSE);
+ 	}
+ 	return (TRUE);
+@@ -292,7 +293,7 @@ xdr_rpcb_rmtcallres(xdrs, p)
+ 	bool_t dummy;
+ 	struct r_rpcb_rmtcallres *objp = (struct r_rpcb_rmtcallres *)(void *)p;
+ 
+-	if (!xdr_string(xdrs, &objp->addr, (u_int)~0)) {
++	if (!xdr_string(xdrs, &objp->addr, RPC_MAXDATASIZE)) {
+ 		return (FALSE);
+ 	}
+ 	if (!xdr_u_int(xdrs, &objp->results.results_len)) {
+@@ -312,6 +313,11 @@ xdr_netbuf(xdrs, objp)
+ 	if (!xdr_u_int32_t(xdrs, (u_int32_t *) &objp->maxlen)) {
+ 		return (FALSE);
+ 	}
++
++	if (objp->maxlen > RPC_MAXDATASIZE) {
++		return (FALSE);
++	}
++
+ 	dummy = xdr_bytes(xdrs, (char **)&(objp->buf),
+ 			(u_int *)&(objp->len), objp->maxlen);
+ 	return (dummy);
+diff -up libtirpc-0.2.4/src/rpcb_st_xdr.c.orig libtirpc-0.2.4/src/rpcb_st_xdr.c
+--- libtirpc-0.2.4/src/rpcb_st_xdr.c.orig	2013-12-09 15:59:51.000000000 -0500
++++ libtirpc-0.2.4/src/rpcb_st_xdr.c	2017-05-17 13:05:47.562168877 -0400
+@@ -38,6 +38,7 @@
+ #include <sys/cdefs.h>
+ 
+ #include <rpc/rpc.h>
++#include "rpc_com.h"
+ 
+ /* Link list of all the stats about getport and getaddr */
+ 
+@@ -59,7 +60,7 @@ xdr_rpcbs_addrlist(xdrs, objp)
+ 	    if (!xdr_int(xdrs, &objp->failure)) {
+ 		return (FALSE);
+ 	    }
+-	    if (!xdr_string(xdrs, &objp->netid, (u_int)~0)) {
++	    if (!xdr_string(xdrs, &objp->netid, RPC_MAXDATASIZE)) {
+ 		return (FALSE);
+ 	    }
+ 
+@@ -110,7 +111,7 @@ xdr_rpcbs_rmtcalllist(xdrs, objp)
+ 		IXDR_PUT_INT32(buf, objp->failure);
+ 		IXDR_PUT_INT32(buf, objp->indirect);
+ 	}
+-	if (!xdr_string(xdrs, &objp->netid, (u_int)~0)) {
++	if (!xdr_string(xdrs, &objp->netid, RPC_MAXDATASIZE)) {
+ 		return (FALSE);
+ 	}
+ 	if (!xdr_pointer(xdrs, (char **)&objp->next,
+@@ -148,7 +149,7 @@ xdr_rpcbs_rmtcalllist(xdrs, objp)
+ 		objp->failure = (int)IXDR_GET_INT32(buf);
+ 		objp->indirect = (int)IXDR_GET_INT32(buf);
+ 	}
+-	if (!xdr_string(xdrs, &objp->netid, (u_int)~0)) {
++	if (!xdr_string(xdrs, &objp->netid, RPC_MAXDATASIZE)) {
+ 		return (FALSE);
+ 	}
+ 	if (!xdr_pointer(xdrs, (char **)&objp->next,
+@@ -176,7 +177,7 @@ xdr_rpcbs_rmtcalllist(xdrs, objp)
+ 	if (!xdr_int(xdrs, &objp->indirect)) {
+ 		return (FALSE);
+ 	}
+-	if (!xdr_string(xdrs, &objp->netid, (u_int)~0)) {
++	if (!xdr_string(xdrs, &objp->netid, RPC_MAXDATASIZE)) {
+ 		return (FALSE);
+ 	}
+ 	if (!xdr_pointer(xdrs, (char **)&objp->next,
+diff -up libtirpc-0.2.4/src/rpc_generic.c.orig libtirpc-0.2.4/src/rpc_generic.c
+--- libtirpc-0.2.4/src/rpc_generic.c.orig	2013-12-09 15:59:51.000000000 -0500
++++ libtirpc-0.2.4/src/rpc_generic.c	2017-05-17 13:05:47.562168877 -0400
+@@ -615,6 +615,9 @@ __rpc_taddr2uaddr_af(int af, const struc
+ 
+ 	switch (af) {
+ 	case AF_INET:
++		if (nbuf->len < sizeof(*sin)) {
++			return NULL;
++		}
+ 		sin = nbuf->buf;
+ 		if (inet_ntop(af, &sin->sin_addr, namebuf, sizeof namebuf)
+ 		    == NULL)
+@@ -626,6 +629,9 @@ __rpc_taddr2uaddr_af(int af, const struc
+ 		break;
+ #ifdef INET6
+ 	case AF_INET6:
++		if (nbuf->len < sizeof(*sin6)) {
++			return NULL;
++		}
+ 		sin6 = nbuf->buf;
+ 		if (inet_ntop(af, &sin6->sin6_addr, namebuf6, sizeof namebuf6)
+ 		    == NULL)
+@@ -668,6 +674,8 @@ __rpc_uaddr2taddr_af(int af, const char
+ 
+ 	port = 0;
+ 	sin = NULL;
++	if (uaddr == NULL)
++		return NULL;
+ 	addrstr = strdup(uaddr);
+ 	if (addrstr == NULL)
+ 		return NULL;
+diff -up libtirpc-0.2.4/src/xdr.c.orig libtirpc-0.2.4/src/xdr.c
+--- libtirpc-0.2.4/src/xdr.c.orig	2013-12-09 15:59:51.000000000 -0500
++++ libtirpc-0.2.4/src/xdr.c	2017-05-17 13:05:47.563168892 -0400
+@@ -43,8 +43,10 @@
+ #include <stdlib.h>
+ #include <string.h>
+ 
++#include <rpc/rpc.h>
+ #include <rpc/types.h>
+ #include <rpc/xdr.h>
++#include <rpc/rpc_com.h>
+ 
+ typedef quad_t          longlong_t;     /* ANSI long long type */
+ typedef u_quad_t        u_longlong_t;   /* ANSI unsigned long long type */
+@@ -54,7 +56,6 @@ typedef u_quad_t        u_longlong_t;
+  */
+ #define XDR_FALSE	((long) 0)
+ #define XDR_TRUE	((long) 1)
+-#define LASTUNSIGNED	((u_int) 0-1)
+ 
+ /*
+  * for unit alignment
+@@ -630,6 +631,7 @@ xdr_bytes(xdrs, cpp, sizep, maxsize)
+ {
+ 	char *sp = *cpp;  /* sp is the actual string pointer */
+ 	u_int nodesize;
++	bool_t ret, allocated = FALSE;
+ 
+ 	/*
+ 	 * first deal with the length since xdr bytes are counted
+@@ -653,6 +655,7 @@ xdr_bytes(xdrs, cpp, sizep, maxsize)
+ 		}
+ 		if (sp == NULL) {
+ 			*cpp = sp = mem_alloc(nodesize);
++			allocated = TRUE;
+ 		}
+ 		if (sp == NULL) {
+ 			warnx("xdr_bytes: out of memory");
+@@ -661,7 +664,14 @@ xdr_bytes(xdrs, cpp, sizep, maxsize)
+ 		/* FALLTHROUGH */
+ 
+ 	case XDR_ENCODE:
+-		return (xdr_opaque(xdrs, sp, nodesize));
++		ret = xdr_opaque(xdrs, sp, nodesize);
++		if ((xdrs->x_op == XDR_DECODE) && (ret == FALSE)) {
++			if (allocated == TRUE) {
++				free(sp);
++				*cpp = NULL;
++			}
++		}
++		return (ret);
+ 
+ 	case XDR_FREE:
+ 		if (sp != NULL) {
+@@ -755,6 +765,7 @@ xdr_string(xdrs, cpp, maxsize)
+ 	char *sp = *cpp;  /* sp is the actual string pointer */
+ 	u_int size;
+ 	u_int nodesize;
++	bool_t ret, allocated = FALSE;
+ 
+ 	/*
+ 	 * first deal with the length since xdr strings are counted-strings
+@@ -794,8 +805,10 @@ xdr_string(xdrs, cpp, maxsize)
+ 	switch (xdrs->x_op) {
+ 
+ 	case XDR_DECODE:
+-		if (sp == NULL)
++		if (sp == NULL) {
+ 			*cpp = sp = mem_alloc(nodesize);
++			allocated = TRUE;
++		}
+ 		if (sp == NULL) {
+ 			warnx("xdr_string: out of memory");
+ 			return (FALSE);
+@@ -804,7 +817,14 @@ xdr_string(xdrs, cpp, maxsize)
+ 		/* FALLTHROUGH */
+ 
+ 	case XDR_ENCODE:
+-		return (xdr_opaque(xdrs, sp, size));
++		ret = xdr_opaque(xdrs, sp, size);
++		if ((xdrs->x_op == XDR_DECODE) && (ret == FALSE)) {
++			if (allocated == TRUE) {
++				free(sp);
++				*cpp = NULL;
++			}
++		}
++		return (ret);
+ 
+ 	case XDR_FREE:
+ 		mem_free(sp, nodesize);
+@@ -824,7 +844,7 @@ xdr_wrapstring(xdrs, cpp)
+ 	XDR *xdrs;
+ 	char **cpp;
+ {
+-	return xdr_string(xdrs, cpp, LASTUNSIGNED);
++	return xdr_string(xdrs, cpp, RPC_MAXDATASIZE);
+ }
+ 
+ /*
diff --git a/SPECS/libtirpc.spec b/SPECS/libtirpc.spec
index 19e47a9..ca4ed39 100644
--- a/SPECS/libtirpc.spec
+++ b/SPECS/libtirpc.spec
@@ -33,6 +33,11 @@ Patch005: libtirpc-0.2.4-svc_vc_create-memleak.patch
 Patch006: libtirpc-0.2.4-svc-gss-memleaks.patch
 Patch007: libtirpc-0.2.4-clnt-mthr-create.patch
 
+#
+# RHEL7.3-Z
+#
+Patch008: libtirpc-0.2.4-CVE-2017-8779.patch
+
 %description
 This package contains SunLib's implementation of transport-independent
 RPC (TI-RPC) documentation.  This library forms a piece of the base of 
@@ -72,6 +77,8 @@ developing programs which use the tirpc library.
 %patch006 -p1
 # 1342545 - Threads specifically interacting with libtirpc library...
 %patch007 -p1
+# 1449462 - CVE-2017-8779 rpcbind: libtirpc, libntirpc: Memory leak...
+%patch008 -p1
 
 # Remove .orig files
 find . -name "*.orig" | xargs rm -f
@@ -160,6 +167,9 @@ rm -rf %{buildroot}
 %{_mandir}/*/*
 
 %changelog
+* Wed May 17 2017 Steve Dickson <steved@redhat.com> 0.2.4-0.8_3
+- Fixed for CVE-2017-8779 (bz 1449462)
+
 * Mon Jun  6 2016 Steve Dickson <steved@redhat.com> 0.2.4-0.8
 - handle concurrent connect calls in clnt_vc_create() (bz 1342545)