diff --git a/SOURCES/rpm-4.11.x-CVE-2014-8118.patch b/SOURCES/rpm-4.11.x-CVE-2014-8118.patch
new file mode 100644
index 0000000..79e2a00
--- /dev/null
+++ b/SOURCES/rpm-4.11.x-CVE-2014-8118.patch
@@ -0,0 +1,12 @@
+--- rpm-4.11.1.orig/lib/cpio.c	2014-11-28 12:21:50.444158675 +0100
++++ rpm-4.11.1/lib/cpio.c	2014-11-28 12:22:53.776453253 +0100
+@@ -296,6 +296,9 @@
+     st->st_rdev = makedev(major, minor);
+ 
+     GET_NUM_FIELD(hdr.namesize, nameSize);
++    if (nameSize <= 0 || nameSize > 4096) {
++        return CPIOERR_BAD_HEADER;
++    }
+ 
+     *path = xmalloc(nameSize + 1);
+     read = Fread(*path, nameSize, 1, cpio->fd);
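Review bot: The upper bound in the new check is a bare `4096` with nothing saying where it comes from; the patch should name it and state the reason, e.g. `#define CPIO_NAME_MAX 4096 /* longest name we accept; matches the usual PATH_MAX */` at file scope and `if (nameSize <= 0 || nameSize > CPIO_NAME_MAX)` here. Placing the check before `xmalloc` is the right order, since the early `return CPIOERR_BAD_HEADER` then leaks nothing. The result of `Fread` on the last context line should be compared with `nameSize` so a truncated name is rejected as a bad header too; whether that comparison exists cannot be seen from this hunk, and the enclosing function continues past it. The type `GET_NUM_FIELD` gives `nameSize` is also not visible; if it is unsigned the `<= 0` half is just `== 0`, which still works but deserves a comment.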
diff --git a/SOURCES/rpm-4.11.x-chmod.patch b/SOURCES/rpm-4.11.x-chmod.patch
new file mode 100644
index 0000000..2a0636b
--- /dev/null
+++ b/SOURCES/rpm-4.11.x-chmod.patch
@@ -0,0 +1,22 @@
+--- rpm-4.11.1/lib/fsm.c.orig	2014-11-13 13:38:56.742934031 +0100
++++ rpm-4.11.1/lib/fsm.c	2014-11-13 13:42:13.036380024 +0100
+@@ -726,12 +726,17 @@
+ {
+     FD_t wfd = NULL;
+     const struct stat * st = &fsm->sb;
+-    rpm_loff_t left = st->st_size;
++    rpm_loff_t left = rpmfiFSizeIndex(fsmGetFi(fsm), fsm->ix);
+     const unsigned char * fidigest = NULL;
+     pgpHashAlgo digestalgo = 0;
+     int rc = 0;
+ 
+-    wfd = Fopen(fsm->path, "w.ufdio");
++    /* Create the file with 000 permissions. */
++    {
++	mode_t old_umask = umask(0777);
++	wfd = Fopen(fsm->path, "w.ufdio");
++	umask(old_umask);
++    }                      
+     if (Ferror(wfd)) {
+ 	rc = CPIOERR_OPEN_FAILED;
+ 	goto exit;
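Review bot: The closing brace of the new umask block carries a run of trailing spaces (`}                      `) that the patch will carry into fsm.c; trim it to `}`. The comment says what is done but not why: since the spec's changelog ties this patch to a race in which unchecked payload data is exposed, the comment should say `/* Create the file with 000 permissions so other users cannot read payload data before it has been verified and the final mode applied. */`. `umask()` is process-wide, so any file opened concurrently by another thread between the two calls would also be created with mode 000; presumably the FSM runs single-threaded, but a comment stating that assumption would help. The switch of `left` from `st->st_size` to `rpmfiFSizeIndex(fsmGetFi(fsm), fsm->ix)` is not covered by the patch name or the comment and should get a line of its own explaining it. The enclosing function opens on the first context line and continues outside the hunk.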
diff --git a/SPECS/rpm.spec b/SPECS/rpm.spec
index 51663c8..b1ce7ab 100644
--- a/SPECS/rpm.spec
+++ b/SPECS/rpm.spec
@@ -21,7 +21,7 @@
 Summary: The RPM package management system
 Name: rpm
 Version: %{rpmver}
-Release: %{?snapver:0.%{snapver}.}16%{?dist}
+Release: %{?snapver:0.%{snapver}.}18%{?dist}
 Group: System Environment/Base
 Url: http://www.rpm.org/
 Source0: http://rpm.org/releases/rpm-4.11.x/%{name}-%{srcver}.tar.bz2
@@ -72,6 +72,10 @@ Patch306: rpm-4.10.0-minidebuginfo.patch
 Patch307: rpm-4.11.1-sepdebugcrcfix.patch
 # Fix minidebuginfo on ppc64 (#1052415)
 Patch308: rpm-4.11.x-minidebuginfo-ppc64.patch
+# Chmod 000 for files being unpacked
+Patch309: rpm-4.11.x-chmod.patch
+Patch310: rpm-4.11.x-CVE-2014-8118.patch
+
 # Temporary Patch to provide support for updates
 Patch400: rpm-4.10.90-rpmlib-filesystem-check.patch
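Review bot: `Patch310` is declared without the one-line comment that every neighbouring patch entry carries, so a reader of the spec has to open the patch to learn what it fixes; add `# Reject malicious CPIO file name sizes (#1163060, CVE-2014-8118)` above it, matching the form of the `Patch308` and `Patch309` comments. The `Patch309` comment could likewise reference the bug and CVE that the changelog attributes to it.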
 
@@ -261,6 +265,8 @@ packages on a system.
 %patch306 -p1 -b .minidebuginfo
 %patch307 -p1 -b .sepdebugcrcfix
 %patch308 -p1 -b .minidebuginfo-ppc64
+%patch309 -p1 -b .chmod
+%patch310 -p1 -b .namesize
 
 %patch400 -p1 -b .rpmlib-filesystem-check
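Review bot: The backup suffix `.namesize` for `%patch310` breaks the convention visible on the surrounding lines, where the suffix mirrors the patch file name (`.chmod`, `.minidebuginfo-ppc64`, `.sepdebugcrcfix`); `%patch310 -p1 -b .CVE-2014-8118` would keep the `.orig`-style backups traceable to their patch. This is purely a naming point and does not affect the build.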
 
@@ -489,6 +495,15 @@ exit 0
 %doc COPYING doc/librpm/html/*
 
 %changelog
+* Fri Nov 28 2014 Florian Festi <ffesti@redhat.com> - 4.11.1-18
+- Add check against malicious CPIO file name size (#1163060)
+- Fixes CVE-2014-8118
+
+* Thu Nov 13 2014 Florian Festi <ffesti@redhat.com> - 4.11.1-17
+- Fix race condidition where unchecked data is exposed in the file system
+  (#1163060)
+- Fixes CVE-2013-6435
+
 * Mon Mar 24 2014 Panu Matilainen <pmatilai@redhat.com> - 4.11.1-16
 - Fully reset file actions between rpmtsRun() calls (#1076552)