diff --git a/.gitignore b/.gitignore
index 970d968..149f560 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,7 +9,7 @@ SOURCES/orderedhash-0.0.6.gem
 SOURCES/pcs-0.9.162.tar.gz
 SOURCES/pyagentx-0.4.pcs.1.tar.gz
 SOURCES/rack-1.6.4.gem
-SOURCES/rack-protection-1.5.3.gem
+SOURCES/rack-protection-1.5.5.gem
 SOURCES/rack-test-0.7.0.gem
 SOURCES/rpam-ruby19-1.2.1.gem
 SOURCES/sinatra-1.4.8.gem
diff --git a/.pcs.metadata b/.pcs.metadata
index e7a6117..8920f4a 100644
--- a/.pcs.metadata
+++ b/.pcs.metadata
@@ -9,7 +9,7 @@ f4d122fe287c5199040abbcd24c8082e1b0cdf93 SOURCES/multi_json-1.12.2.gem
 c088d3046113a6f2a6aed22fd1e1fb3daf43b5b5 SOURCES/pcs-0.9.162.tar.gz
 276a92c6d679a71bd0daaf12cb7b3616f1a89b72 SOURCES/pyagentx-0.4.pcs.1.tar.gz
 0a1eea6d7bb903d8c075688534480e87d4151470 SOURCES/rack-1.6.4.gem
-1c28529c1d7376c61faed80f3d3297905a14c2b3 SOURCES/rack-protection-1.5.3.gem
+f80ea6672253a90fa031db0c1e2e1fe056582118 SOURCES/rack-protection-1.5.5.gem
 3f41699c1c19ff2e2353583afa70799ced351a36 SOURCES/rack-test-0.7.0.gem
 a90e5a60d99445404a3c29a66d953a5e9918976d SOURCES/rpam-ruby19-1.2.1.gem
 3377f6140321523d7751bed3b2cc8a5201d8ec9f SOURCES/sinatra-1.4.8.gem
diff --git a/SOURCES/bz1557253-01-get-rid-of-debug-when-calling-local-pcsd.patch b/SOURCES/bz1557253-01-get-rid-of-debug-when-calling-local-pcsd.patch
new file mode 100644
index 0000000..1f0a51f
--- /dev/null
+++ b/SOURCES/bz1557253-01-get-rid-of-debug-when-calling-local-pcsd.patch
@@ -0,0 +1,53 @@
+From b14467358acacb5ff492f2df29c2c76abb9df180 Mon Sep 17 00:00:00 2001
+From: Tomas Jelinek <tojeline@redhat.com>
+Date: Tue, 20 Mar 2018 15:39:40 +0100
+Subject: [PATCH 1/3] get rid of --debug when calling local pcsd
+
+---
+ pcsd/pcsd.rb | 15 ++++++++++-----
+ 1 file changed, 10 insertions(+), 5 deletions(-)
+
+diff --git a/pcsd/pcsd.rb b/pcsd/pcsd.rb
+index 8f5ad819..b6a7435c 100644
+--- a/pcsd/pcsd.rb
++++ b/pcsd/pcsd.rb
+@@ -239,8 +239,13 @@ post '/run_pcs' do
+     }
+     return JSON.pretty_generate(result)
+   end
+-  # do not reveal potentialy sensitive information
+-  command_decoded.delete('--debug')
++  # Do not reveal potentially sensitive information: remove --debug and all its
++  # prefixes since getopt parser in pcs considers them equal to --debug.
++  debug_items = ["--de", "--deb", "--debu", "--debug"]
++  command_sanitized = []
++  command_decoded.each { |item|
++    command_sanitized << item unless debug_items.include?(item)
++  }
+ 
+   allowed_commands = {
+     ['cluster', 'auth', '...'] => {
+@@ -341,9 +346,9 @@ post '/run_pcs' do
+   allowed = false
+   command_settings = {}
+   allowed_commands.each { |cmd, cmd_settings|
+-    if command_decoded == cmd \
++    if command_sanitized == cmd \
+       or \
+-      (cmd[-1] == '...' and cmd[0..-2] == command_decoded[0..(cmd.length - 2)])
++      (cmd[-1] == '...' and cmd[0..-2] == command_sanitized[0..(cmd.length - 2)])
+       then
+         allowed = true
+         command_settings = cmd_settings
+@@ -372,7 +377,7 @@ post '/run_pcs' do
+   options = {}
+   options['stdin'] = std_in if std_in
+   std_out, std_err, retval = run_cmd_options(
+-    @auth_user, options, PCS, *command_decoded
++    @auth_user, options, PCS, *command_sanitized
+   )
+   result = {
+     'status' => 'ok',
+-- 
+2.13.6
+
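Review bot: The filter added in the first hunk of pcsd.rb is a hand-enumerated deny-list whose shortest entry `--de` encodes an assumption about which abbreviations pcs's getopt option table accepts, and nothing in the hunk ties the list to that table; whether a shorter form such as `--d` is also unambiguous for pcs cannot be told from here and should be confirmed against the option definitions, with the comment extended to say where the shortest prefix comes from. The `each` plus `<<` accumulation is also the manual form of `reject`, so `command_sanitized = command_decoded.reject { |item| debug_items.include?(item) }` expresses the same thing in one line and leaves no way to forget an append. Since the list is constant, consider `DEBUG_ITEMS = ['--de', '--deb', '--debu', '--debug'].freeze` at file level rather than rebuilding the array per request. The enclosing `post '/run_pcs'` block starts before the hunk and continues past it.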
diff --git a/SOURCES/bz1557253-02-sanitize-path-when-saving-booth-config-files.patch b/SOURCES/bz1557253-02-sanitize-path-when-saving-booth-config-files.patch
new file mode 100644
index 0000000..429c3be
--- /dev/null
+++ b/SOURCES/bz1557253-02-sanitize-path-when-saving-booth-config-files.patch
@@ -0,0 +1,28 @@
+From b2cdeb7a94cd1051a05d9de9a34bfbb54dd1a1df Mon Sep 17 00:00:00 2001
+From: Tomas Jelinek <tojeline@redhat.com>
+Date: Tue, 20 Mar 2018 15:44:59 +0100
+Subject: [PATCH 2/3] sanitize path when saving booth config files
+
+---
+ pcsd/pcsd_file.rb | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/pcsd/pcsd_file.rb b/pcsd/pcsd_file.rb
+index de7d3553..4f1604a8 100644
+--- a/pcsd/pcsd_file.rb
++++ b/pcsd/pcsd_file.rb
+@@ -104,6 +104,11 @@ module PcsdFile
+       if @file[:name].empty?
+         raise PcsdExchangeFormat::Error.for_item('file', @id, "'name' is empty")
+       end
++      if @file[:name].include?('/')
++        raise PcsdExchangeFormat::Error.for_item(
++          'file', @id, "'name' cannot contain '/'"
++        )
++      end
+     end
+ 
+     def dir()
+-- 
+2.13.6
+
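Review bot: The check added in pcsd_file.rb rejects names containing '/' but still accepts the names `.` and `..`, which contain no slash yet do not denote a file once joined onto a directory (the `dir()` method that follows the hunk suggests such a join happens); extend the condition to `if @file[:name].include?('/') || ['.', '..'].include?(@file[:name])` so these are reported through the same `PcsdExchangeFormat::Error` path instead of failing later at the filesystem call. A name with an embedded NUL byte would presumably make Ruby's file operations raise ArgumentError rather than this structured error, so a `include?("\0")` clause may be worth adding for the same reason, if the caller does not already reject it. The enclosing validation method starts before the hunk.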
diff --git a/SOURCES/bz1557253-03-use-rubygem-rack-protection-1.5.5.patch b/SOURCES/bz1557253-03-use-rubygem-rack-protection-1.5.5.patch
new file mode 100644
index 0000000..511f687
--- /dev/null
+++ b/SOURCES/bz1557253-03-use-rubygem-rack-protection-1.5.5.patch
@@ -0,0 +1,25 @@
+From d9737919ae15880da163b768d223cf5149cb8cf4 Mon Sep 17 00:00:00 2001
+From: Ondrej Mular <omular@redhat.com>
+Date: Wed, 21 Mar 2018 08:09:07 +0100
+Subject: [PATCH 3/3] use rubygem rack-protection 1.5.5
+
+---
+ pcsd/Gemfile.lock | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/pcsd/Gemfile.lock b/pcsd/Gemfile.lock
+index fd5a8dcc..06bfa76c 100644
+--- a/pcsd/Gemfile.lock
++++ b/pcsd/Gemfile.lock
+@@ -8,7 +8,7 @@ GEM
+     open4 (1.3.4)
+     orderedhash (0.0.6)
+     rack (1.6.4)
+-    rack-protection (1.5.3)
++    rack-protection (1.5.5)
+       rack
+     rack-test (0.7.0)
+       rack (>= 1.0)
+-- 
+2.13.6
+
diff --git a/SPECS/pcs.spec b/SPECS/pcs.spec
index f455b64..0e38af2 100644
--- a/SPECS/pcs.spec
+++ b/SPECS/pcs.spec
@@ -1,6 +1,6 @@
 Name: pcs
 Version: 0.9.162
-Release: 5%{?dist}
+Release: 5%{?dist}.1
 License: GPLv2
 URL: https://github.com/ClusterLabs/pcs
 Group: System Environment/Base
@@ -23,7 +23,7 @@ Source11: https://rubygems.org/downloads/backports-3.9.1.gem
 Source12: https://rubygems.org/downloads/multi_json-1.12.2.gem
 Source13: https://rubygems.org/downloads/open4-1.3.4.gem
 Source14: https://rubygems.org/downloads/orderedhash-0.0.6.gem
-Source15: https://rubygems.org/downloads/rack-protection-1.5.3.gem
+Source15: https://rubygems.org/downloads/rack-protection-1.5.5.gem
 Source16: https://rubygems.org/downloads/rack-test-0.7.0.gem
 Source17: https://rubygems.org/downloads/rack-1.6.4.gem
 Source18: https://rubygems.org/downloads/rpam-ruby19-1.2.1.gem
@@ -52,6 +52,9 @@ Patch100: rhel7.patch
 #rhel7 gui
 Patch101: change-cman-to-rhel6-in-messages.patch
 Patch102: show-only-warning-when-crm_mon-xml-is-invalid.patch
+Patch103: bz1557253-01-get-rid-of-debug-when-calling-local-pcsd.patch
+Patch104: bz1557253-02-sanitize-path-when-saving-booth-config-files.patch
+Patch105: bz1557253-03-use-rubygem-rack-protection-1.5.5.patch
 
 # git for patches
 BuildRequires: git
@@ -121,7 +124,7 @@ Provides: bundled(rubygem-multi_json) = 1.12.1
 Provides: bundled(rubygem-open4) = 1.3.4
 Provides: bundled(rubygem-orderedhash) = 0.0.6
 Provides: bundled(rubygem-rack) = 1.6.4
-Provides: bundled(rubygem-rack-protection) = 1.5.3
+Provides: bundled(rubygem-rack-protection) = 1.5.5
 Provides: bundled(rubygem-rack-test) = 0.6.3
 Provides: bundled(rubygem-rpam-ruby19) = 1.2.1
 Provides: bundled(rubygem-sinatra) = 1.4.8
@@ -185,6 +188,9 @@ UpdateTimestamps -p1 %{PATCH99}
 UpdateTimestamps -p1 %{PATCH100}
 UpdateTimestamps -p1 %{PATCH101}
 UpdateTimestamps -p1 %{PATCH102}
+UpdateTimestamps -p1 %{PATCH103}
+UpdateTimestamps -p1 %{PATCH104}
+UpdateTimestamps -p1 %{PATCH105}
 
 cp -f %SOURCE1 pcsd/public/images
 
@@ -420,6 +426,12 @@ run_all_tests
 %doc pyagentx_README.md
 
 %changelog
+* Wed Mar 21 2018 Ondrej Mular <omular@redhat.com> - 0.9.162-5.el7_5.1
+- Fixed CVE-2018-1086 pcs: Debug parameter removal bypass, allowing information disclosure
+- Fixed CVE-2018-1079 pcs: Privilege escalation via authorized user malicious REST call
+- Fixed CVE-2018-1000119 rack-protection: Timing attack in authenticity_token.rb
+- Resolves: rhbz#1557253
+
 * Mon Feb 05 2018 Ondrej Mular <omular@redhat.com> - 0.9.162-5
 - Fixed `pcs cluster auth` in a cluster when not authenticated and using a non-default port
 - Fixed `pcs cluster auth` in a cluster when previously authenticated using a non-default port and reauthenticating using an implicit default port