diff --git a/SOURCES/nginx-1.16.0-CVE-2021-23017.patch b/SOURCES/nginx-1.16.0-CVE-2021-23017.patch
new file mode 100644
index 0000000..7db5058
--- /dev/null
+++ b/SOURCES/nginx-1.16.0-CVE-2021-23017.patch
@@ -0,0 +1,24 @@
+diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c
+index 593645d..064ec7a 100644
+--- a/src/core/ngx_resolver.c
++++ b/src/core/ngx_resolver.c
+@@ -3992,15 +3992,15 @@ done:
+ n = *src++;
+
+ } else {
++ if (dst != name->data) {
++ *dst++ = '.';
++ }
++
+ ngx_strlow(dst, src, n);
+ dst += n;
+ src += n;
+
+ n = *src++;
+-
+- if (n != 0) {
+- *dst++ = '.';
+- }
+ }
+
+ if (n == 0) {
diff --git a/SPECS/nginx.spec b/SPECS/nginx.spec
index e60c7a5..a5950bf 100644
--- a/SPECS/nginx.spec
+++ b/SPECS/nginx.spec
@@ -41,7 +41,7 @@ Name: %{?scl:%scl_prefix}nginx Epoch: 1 Version: 1.16.1 -Release: 4%{?dist}.1 +Release: 6%{?dist} Summary: A high performance web server and reverse proxy server Group: System Environment/Daemons # BSD License (two clause)
@@ -78,9 +78,12 @@ Patch2: nginx-1.16.0-pkcs11.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1655530 Patch3: nginx-1.14.1-perl-module-hardening.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=1848449 +# https://bugzilla.redhat.com/show_bug.cgi?id=1798233 Patch4: nginx-1.16.0-CVE-2019-20372.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=1963121 +Patch5: nginx-1.16.0-CVE-2021-23017.patch + BuildRequires: gd-devel %if 0%{?with_gperftools}
@@ -187,6 +190,7 @@ Requires: %{?scl:%scl_prefix}nginx %patch2 -p1 %patch3 -p1 %patch4 -p1 +%patch5 -p1 cp %{SOURCE200} . %build
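Review bot: The new patch file starts directly at `diff --git a/src/core/ngx_resolver.c` with no header, so nothing in it records which upstream change it was taken from or whether it was adapted for this 1.16.x tree. A short preamble above the diff, for example `Backport of the upstream fix for CVE-2021-23017 (<upstream commit URL>); applies unmodified to 1.16.1`, would let a later auditor check the backport against upstream. The enclosing function (ngx_resolver_copy() according to the changelog) starts and ends outside the inner hunk, so the length calculation that sizes `name->data` is not visible here. It is worth confirming in the full file that this calculation agrees with the reordered separator write, which now emits `'.'` before every label except the first.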
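Review bot: The comment added above `Patch5` cites bug 1963121, but the changelog entry in this same commit says `Resolves: #1963181` for the same CVE, whereas the `Patch4` comment and its changelog entry both use 1798233. If 1963121 is the CVE-level bug and 1963181 the product tracker, the difference may be intentional, but then the two patches follow different conventions; otherwise one of the ids looks like a typo. Either use the same id in both places or list both, e.g. `# https://bugzilla.redhat.com/show_bug.cgi?id=1963121 (tracker: #1963181)`.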
@@ -626,9 +630,14 @@ fi %{_libdir}/nginx/modules/ngx_stream_module.so %changelog -* Tue Jun 23 2020 Lubos Uhliarik - 1:1.16.1-4.1 -- Resolves: #1848449 - CVE-2019-20372 rh-nginx116-nginx: nginx: HTTP request - smuggling via error pages in http/ngx_http_special_response.c +* Wed May 26 2021 Luboš Uhliarik - 1:1.16.1-6 +- Resolves: #1963181 - CVE-2021-23017 rh-nginx116-nginx: nginx: Off-by-one in + ngx_resolver_copy() when labels are followed by a pointer to a root + domain name + +* Tue Jun 23 2020 Lubos Uhliarik - 1:1.16.1-5 +- Resolves: #1798233 - CVE-2019-20372 rh-nginx116-nginx: nginx: HTTP request + smuggling via error pages in http/ngx_http_special_response.c * Mon Oct 07 2019 Lubos Uhliarik - 1:1.16.1-4 - Resolves: #1758809 - Nginx service does not start (wrong version used in the