diff --git a/SOURCES/samba-4.1.9-file_open.patch b/SOURCES/samba-4.1.9-file_open.patch
new file mode 100644
index 0000000..e4bf77d
--- /dev/null
+++ b/SOURCES/samba-4.1.9-file_open.patch
@@ -0,0 +1,116 @@
+From d038b70b159fd133060ead0bed8d70b654594b03 Mon Sep 17 00:00:00 2001
+From: Jeremy Allison <jra@samba.org>
+Date: Tue, 24 Jun 2014 14:19:30 -0700
+Subject: [PATCH 1/2] s3: smbd - Prevent file truncation on an open that fails
+ with share mode violation.
+
+Fix from Volker, really - just tidied up a little.
+The S_ISFIFO check may not be strictly neccessary,
+but doesn't hurt (might make the code a bit more complex
+than it needs to be).
+
+Fixes bug #10671 - Samba file corruption as a result of failed lock check.
+
+https://bugzilla.samba.org/show_bug.cgi?id=10671
+
+Signed-off-by: Jeremy Allison <jra@samba.org>
+Reviewed-by: Volker Lendecke <vl@samba.org>
+Reviewed-by: David Disseldorp <ddiss@samba.org>
+(cherry picked from commit 31b3427a417217e5e869baafdf63e633efc39d12)
+[ddiss@samba.org: 4.1 backport]
+---
+ source3/smbd/open.c | 22 ++++++++++++++++++++--
+ 1 file changed, 20 insertions(+), 2 deletions(-)
+
+diff --git a/source3/smbd/open.c b/source3/smbd/open.c
+index 5f7bff9..72b8b59 100644
+--- a/source3/smbd/open.c
++++ b/source3/smbd/open.c
+@@ -839,8 +839,11 @@ static NTSTATUS open_file(files_struct *fsp,
+ 			}
+ 		}
+ 
+-		/* Actually do the open */
+-		status = fd_open_atomic(conn, fsp, local_flags,
++		/*
++		 * Actually do the open - if O_TRUNC is needed handle it
++		 * below under the share mode lock.
++		 */
++		status = fd_open_atomic(conn, fsp, local_flags & ~O_TRUNC,
+ 				unx_mode, p_file_created);
+ 		if (!NT_STATUS_IS_OK(status)) {
+ 			DEBUG(3,("Error opening file %s (%s) (local_flags=%d) "
+@@ -2646,6 +2649,21 @@ static NTSTATUS open_file_ntcreate(connection_struct *conn,
+ 		return status;
+ 	}
+ 
++	/* Should we atomically (to the client at least) truncate ? */
++	if (!new_file_created) {
++		if (flags2 & O_TRUNC) {
++			if (!S_ISFIFO(fsp->fsp_name->st.st_ex_mode)) {
++				int ret = vfs_set_filelen(fsp, 0);
++				if (ret != 0) {
++					status = map_nt_error_from_unix(errno);
++					TALLOC_FREE(lck);
++					fd_close(fsp);
++					return status;
++				}
++			}
++		}
++	}
++
+ 	grant_fsp_oplock_type(fsp,
+ 			      oplock_request,
+ 			      got_level2_oplock,
+-- 
+1.8.4.5
+
+
+From 906812aad2d1fec04076259f1d5332220b95221a Mon Sep 17 00:00:00 2001
+From: Volker Lendecke <vl@samba.org>
+Date: Wed, 25 Jun 2014 08:36:47 +0000
+Subject: [PATCH 2/2] smbd: Remove 2 indentation levels
+
+Signed-off-by: Volker Lendecke <vl@samba.org>
+Reviewed-by: David Disseldorp <ddiss@samba.org>
+(cherry picked from commit 1dc5c20c8f7d8aa96fa0601bf5bf6dc69fb79d9f)
+---
+ source3/smbd/open.c | 22 +++++++++++-----------
+ 1 file changed, 11 insertions(+), 11 deletions(-)
+
+diff --git a/source3/smbd/open.c b/source3/smbd/open.c
+index 72b8b59..16d4307 100644
+--- a/source3/smbd/open.c
++++ b/source3/smbd/open.c
+@@ -2650,17 +2650,17 @@ static NTSTATUS open_file_ntcreate(connection_struct *conn,
+ 	}
+ 
+ 	/* Should we atomically (to the client at least) truncate ? */
+-	if (!new_file_created) {
+-		if (flags2 & O_TRUNC) {
+-			if (!S_ISFIFO(fsp->fsp_name->st.st_ex_mode)) {
+-				int ret = vfs_set_filelen(fsp, 0);
+-				if (ret != 0) {
+-					status = map_nt_error_from_unix(errno);
+-					TALLOC_FREE(lck);
+-					fd_close(fsp);
+-					return status;
+-				}
+-			}
++	if ((!new_file_created) &&
++	    (flags2 & O_TRUNC) &&
++	    (!S_ISFIFO(fsp->fsp_name->st.st_ex_mode))) {
++		int ret;
++
++		ret = vfs_set_filelen(fsp, 0);
++		if (ret != 0) {
++			status = map_nt_error_from_unix(errno);
++			TALLOC_FREE(lck);
++			fd_close(fsp);
++			return status;
+ 		}
+ 	}
+ 
+-- 
+1.8.4.5
+
diff --git a/SOURCES/samba-CVE-2014-3560.patch b/SOURCES/samba-CVE-2014-3560.patch
new file mode 100644
index 0000000..e510f01
--- /dev/null
+++ b/SOURCES/samba-CVE-2014-3560.patch
@@ -0,0 +1,30 @@
+From fb1d325d96dfe9bc2e9c4ec46ad4c55e8f18f4a2 Mon Sep 17 00:00:00 2001
+From: Volker Lendecke <vl@samba.org>
+Date: Tue, 22 Jul 2014 07:02:00 +0200
+Subject: [PATCH] fix unstrcpy
+
+Signed-off-by: Volker Lendecke <vl@samba.org>
+Reviewed-by: Jeremy Allison <jra@samba.org>
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=10735
+CVE-2014-3560: unstrcpy macro length is invalid
+---
+ lib/util/string_wrappers.h |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/lib/util/string_wrappers.h b/lib/util/string_wrappers.h
+index 5f9d568..243fafc 100644
+--- a/lib/util/string_wrappers.h
++++ b/lib/util/string_wrappers.h
+@@ -51,7 +51,7 @@ do { \
+ #define unstrcpy(d,s) \
+ do { \
+ 	const char *_unstrcpy_src = (const char *)(s); \
+-	strlcpy((d),_unstrcpy_src ? _unstrcpy_src : "",sizeof(fstring)); \
++	strlcpy((d),_unstrcpy_src ? _unstrcpy_src : "",sizeof(unstring)); \
+ } while (0)
+ 
+ #ifdef HAVE_COMPILER_WILL_OPTIMIZE_OUT_FNS
+-- 
+1.7.0.4
+
diff --git a/SPECS/samba.spec b/SPECS/samba.spec
index fcf3257..59a950a 100644
--- a/SPECS/samba.spec
+++ b/SPECS/samba.spec
@@ -1,7 +1,7 @@
 # Set --with testsuite or %bcond_without to run the Samba torture testsuite.
 %bcond_with testsuite
 
-%define main_release 35
+%define main_release 37
 
 %define samba_version 4.1.1
 %define talloc_version 2.0.8
@@ -118,6 +118,8 @@ Patch29: samba-4.1.6-ipv6_workaround.patch
 Patch30: samba-CVE-2014-0244.patch
 Patch31: samba-CVE-2014-3493.patch
 Patch32: samba-CVE-2014-0178.patch
+Patch33: samba-4.1.9-file_open.patch
+Patch34: samba-CVE-2014-3560.patch
 
 BuildRoot:      %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 
@@ -556,6 +558,8 @@ module necessary to communicate to the Winbind Daemon
 %patch30 -p1 -b .samba-CVE-2014-0244.patch
 %patch31 -p1 -b .samba-CVE-2014-3493.patch
 %patch32 -p1 -b .samba-CVE-2014-0178.patch
+%patch33 -p1 -b .samba-4.1.9-file_open.patch
+%patch34 -p1 -b .samba-CVE-2014-3560.patch
 
 %build
 %global _talloc_lib ,talloc,pytalloc,pytalloc-util
@@ -1622,6 +1626,12 @@ rm -rf %{buildroot}
 %{_mandir}/man8/pam_winbind.8*
 
 %changelog
+* Fri Aug 01 2014 - Guenther Deschner <gdeschner@redhat.com> - 4.1.1-37
+- resolves: #1126013 - CVE-2014-3560: remote code execution in nmbd.
+
+* Wed Jul 02 2014 - Guenther Deschner <gdeschner@redhat.com> - 4.1.1-36
+- resolves: #1115490 - Fix potential Samba file corruption.
+
 * Wed Jun 11 2014 - Guenther Deschner <gdeschner@redhat.com> - 4.1.1-35
 - resolves: #1105504 - CVE-2014-0244: DoS in nmbd.
 - resolves: #1108844 - CVE-2014-3493: DoS in smbd with unicode path names.