diff --git a/SOURCES/samba-4.1.x-CVE-2015-0240.patch b/SOURCES/samba-4.1.x-CVE-2015-0240.patch
new file mode 100644
index 0000000..b65c728
--- /dev/null
+++ b/SOURCES/samba-4.1.x-CVE-2015-0240.patch
@@ -0,0 +1,84 @@
+From cc4100701bec64cda6fae6a5650c2114f3862579 Mon Sep 17 00:00:00 2001
+From: Jeremy Allison <jra@samba.org>
+Date: Wed, 28 Jan 2015 14:47:31 -0800
+Subject: [PATCH 1/2] CVE-2015-0240: s3: netlogon: Ensure we don't call
+ talloc_free on an uninitialized pointer.
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=11077
+
+Signed-off-by: Jeremy Allison <jra@samba.org>
+Reviewed-by: Stefan Metzmacher <metze@samba.org>
+---
+ source3/rpc_server/netlogon/srv_netlog_nt.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
+index c903ae8..cab635f 100644
+--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
++++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
+@@ -1101,6 +1101,10 @@ static NTSTATUS netr_creds_server_step_check(struct pipes_struct *p,
+ 	bool schannel_global_required = (lp_server_schannel() == true) ? true:false;
+ 	struct loadparm_context *lp_ctx;
+ 
++	if (creds_out != NULL) {
++		*creds_out = NULL;
++	}
++
+ 	if (schannel_global_required) {
+ 		status = schannel_check_required(&p->auth,
+ 						 computer_name,
+@@ -1258,7 +1262,7 @@ NTSTATUS _netr_ServerPasswordSet(struct pipes_struct *p,
+ {
+ 	NTSTATUS status = NT_STATUS_OK;
+ 	int i;
+-	struct netlogon_creds_CredentialState *creds;
++	struct netlogon_creds_CredentialState *creds = NULL;
+ 
+ 	DEBUG(5,("_netr_ServerPasswordSet: %d\n", __LINE__));
+ 
+-- 
+2.3.0
+
+
+From 57c186ee4deda5e75d3588fa0252d9817492bb1f Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Mon, 16 Feb 2015 10:59:23 +0100
+Subject: [PATCH 2/2] s3-netlogon: Make sure we do not deference a NULL
+ pointer.
+
+This is an additional patch for CVE-2015-0240.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=11077#c32
+
+Pair-Programmed-With: Michael Adam <obnox@samba.org>
+Pair-Programmed-With: Andreas Schneider <asn@samba.org>
+Signed-off-by: Michael Adam <obnox@samba.org>
+Signed-off-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Volker Lendecke <vl@samba.org>
+---
+ source3/rpc_server/netlogon/srv_netlog_nt.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
+index cab635f..2ba3278 100644
+--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
++++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
+@@ -1275,9 +1275,14 @@ NTSTATUS _netr_ServerPasswordSet(struct pipes_struct *p,
+ 	unbecome_root();
+ 
+ 	if (!NT_STATUS_IS_OK(status)) {
++		const char *computer_name = "<unknown>";
++
++		if (creds != NULL && creds->computer_name != NULL) {
++			computer_name = creds->computer_name;
++		}
+ 		DEBUG(2,("_netr_ServerPasswordSet: netlogon_creds_server_step failed. Rejecting auth "
+ 			"request from client %s machine account %s\n",
+-			r->in.computer_name, creds->computer_name));
++			r->in.computer_name, computer_name));
+ 		TALLOC_FREE(creds);
+ 		return status;
+ 	}
+-- 
+2.3.0
+
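Review bot: The `*creds_out = NULL` reset added at the top of `netr_creds_server_step_check` (first embedded patch) carries an invariant that is not written down anywhere. The failure path in `_netr_ServerPasswordSet` runs `TALLOC_FREE(creds)`, and `creds` is presumably the pointer handed in as `creds_out`, so an early return added above the reset later would bring back the free of an uninitialized pointer. I would add a comment on the reset, for example `/* Callers free *creds_out on failure; it must be NULL before any return path. */`. The `creds = NULL` initialiser protects only `_netr_ServerPasswordSet`. Any other callers of the helper are outside these hunks and would depend on the callee-side reset alone, which is worth confirming against the 4.1.1 tree this backport targets; both function bodies continue outside the hunks shown.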
diff --git a/SPECS/samba.spec b/SPECS/samba.spec
index 59a950a..9b072f6 100644
--- a/SPECS/samba.spec
+++ b/SPECS/samba.spec
@@ -1,7 +1,7 @@
 # Set --with testsuite or %bcond_without to run the Samba torture testsuite.
 %bcond_with testsuite
 
-%define main_release 37
+%define main_release 38
 
 %define samba_version 4.1.1
 %define talloc_version 2.0.8
@@ -120,6 +120,7 @@ Patch31: samba-CVE-2014-3493.patch
 Patch32: samba-CVE-2014-0178.patch
 Patch33: samba-4.1.9-file_open.patch
 Patch34: samba-CVE-2014-3560.patch
+Patch35: samba-4.1.x-CVE-2015-0240.patch
 
 BuildRoot:      %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 
@@ -560,6 +561,7 @@ module necessary to communicate to the Winbind Daemon
 %patch32 -p1 -b .samba-CVE-2014-0178.patch
 %patch33 -p1 -b .samba-4.1.9-file_open.patch
 %patch34 -p1 -b .samba-CVE-2014-3560.patch
+%patch35 -p1 -b .samba-4.1.x-CVE-2015-0240.patch
 
 %build
 %global _talloc_lib ,talloc,pytalloc,pytalloc-util
@@ -1626,6 +1628,9 @@ rm -rf %{buildroot}
 %{_mandir}/man8/pam_winbind.8*
 
 %changelog
+* Thu Feb 19 2015 - Guenther Deschner <gdeschner@redhat.com> - 4.1.1-38
+- resolves: #1194132 - CVE-2015-0240: RCE in netlogon server.
+
 * Fri Aug 01 2014 - Guenther Deschner <gdeschner@redhat.com> - 4.1.1-37
 - resolves: #1126013 - CVE-2014-3560: remote code execution in nmbd.