diff --git a/SOURCES/nginx-1.8.1-CVE-2018-16845.patch b/SOURCES/nginx-1.8.1-CVE-2018-16845.patch
new file mode 100644
index 0000000..0a92cd8
--- /dev/null
+++ b/SOURCES/nginx-1.8.1-CVE-2018-16845.patch
@@ -0,0 +1,18 @@
+diff --git a/src/http/modules/ngx_http_mp4_module.c b/src/http/modules/ngx_http_mp4_module.c
+index 980bf57..b165d79 100644
+--- a/src/http/modules/ngx_http_mp4_module.c
++++ b/src/http/modules/ngx_http_mp4_module.c
+@@ -896,6 +896,13 @@ ngx_http_mp4_read_atom(ngx_http_mp4_file_t *mp4,
+                 atom_size = ngx_mp4_get_64value(atom_header + 8);
+                 atom_header_size = sizeof(ngx_mp4_atom_header64_t);
+ 
++                if (atom_size < sizeof(ngx_mp4_atom_header64_t)) {
++                    ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
++                                  "\"%s\" mp4 atom is too small:%uL",
++                                  mp4->file.name.data, atom_size);
++                    return NGX_ERROR;
++                }
++
+             } else {
+                 ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+                               "\"%s\" mp4 atom is too small:%uL",
diff --git a/SPECS/nginx.spec b/SPECS/nginx.spec
index 6de887e..4201681 100644
--- a/SPECS/nginx.spec
+++ b/SPECS/nginx.spec
@@ -27,7 +27,7 @@
 Name:              %{?scl:%scl_prefix}nginx
 Epoch:             1
 Version:           1.8.1
-Release:           1%{?dist}
+Release:           1%{?dist}.1
 
 Summary:           A high performance web server and reverse proxy server
 Group:             System Environment/Daemons
@@ -55,6 +55,7 @@ Source104:         50x.html
 # -D_FORTIFY_SOURCE=2 causing warnings to turn into errors.
 Patch0:            nginx-auto-cc-gcc.patch
 Patch1:            nginx-1.8.1-CVE-2016-4450.patch
+Patch2:            nginx-1.8.1-CVE-2018-16845.patch
 
 # Build Passenger against Fedora's (renamed) libeio
 Patch200:          passenger-4.0.38-libeio.patch
@@ -125,6 +126,7 @@ memory usage.
 %setup -q -n nginx-%{version}
 %patch0 -p0
 %patch1 -p1 -b .cve4450
+%patch2 -p1 -b .cve16845
 
 %if 0%{?with_passenger}
 tar -xf %{SOURCE1}
@@ -501,6 +503,10 @@ fi
 %{?scl: %{_scl_scripts}/deregister.d/*}
 
 %changelog
+* Tue Nov 13 2018 Lubos Uhliarik <luhliari@redhat.com> - 1:1.8.1-1.1
+- Resolves: #1648362 - CVE-2018-16845 rh-nginx18-nginx: nginx: Denial of
+  service and memory disclosure via mp4 module
+
 * Mon Jun 20 2016 Joe Orton <jorton@redhat.com> - 1:1.8.1-1
 - update to 1.8.1 (CVE-2016-0742 CVE-2016-0746 CVE-2016-0747)
 - add security fix for CVE-2016-4450