diff --git a/SOURCES/0222-ask-password-prevent-buffer-overrow-when-reading-fro.patch b/SOURCES/0222-ask-password-prevent-buffer-overrow-when-reading-fro.patch
new file mode 100644
index 0000000..aa2bc12
--- /dev/null
+++ b/SOURCES/0222-ask-password-prevent-buffer-overrow-when-reading-fro.patch
@@ -0,0 +1,37 @@
+From 7200c0b173bec49c63ac5ecdf6d510d26e8c8271 Mon Sep 17 00:00:00 2001
+From: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
+Date: Mon, 13 May 2019 16:58:01 -0300
+Subject: [PATCH] ask-password: prevent buffer overrow when reading from
+ keyring
+
+When we read from keyring, a temporary buffer is allocated in order to
+determine the size needed for the entire data. However, when zeroing that area,
+we use the data size returned by the read instead of the lesser size allocate
+for the buffer.
+
+That will cause memory corruption that causes systemd-cryptsetup to crash
+either when a single large password is used or when multiple passwords have
+already been pushed to the keyring.
+
+Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
+(cherry picked from commit 59c55e73eaee345e1ee67c23eace8895ed499693)
+(cherry picked from commit c6c8e0d097d6ba12471c6112c3fd339ea40329d5)
+
+Resolves: #1777037
+---
+ src/shared/ask-password-api.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/shared/ask-password-api.c b/src/shared/ask-password-api.c
+index 682dc754fc..764ebd08e1 100644
+--- a/src/shared/ask-password-api.c
++++ b/src/shared/ask-password-api.c
+@@ -79,7 +79,7 @@ static int retrieve_key(key_serial_t serial, char ***ret) {
+                 if (n < m)
+                         break;
+ 
+-                explicit_bzero(p, n);
++                explicit_bzero(p, m);
+                 free(p);
+                 m *= 2;
+         }
diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec
index 2a2b664..e274b08 100644
--- a/SPECS/systemd.spec
+++ b/SPECS/systemd.spec
@@ -13,7 +13,7 @@
 Name:           systemd
 Url:            http://www.freedesktop.org/wiki/Software/systemd
 Version:        239
-Release:        18%{?dist}.1
+Release:        18%{?dist}.2
 # For a breakdown of the licensing, see README
 License:        LGPLv2+ and MIT and GPLv2+
 Summary:        System and Service Manager
@@ -271,6 +271,7 @@ Patch0218: 0218-sd-bus-adjust-indentation-of-comments.patch
 Patch0219: 0219-resolved-do-not-run-loop-twice.patch
 Patch0220: 0220-resolved-allow-access-to-Set-Link-and-Revert-methods.patch
 Patch0221: 0221-resolved-query-polkit-only-after-parsing-the-data.patch
+Patch0222: 0222-ask-password-prevent-buffer-overrow-when-reading-fro.patch
 
 
 %ifarch %{ix86} x86_64 aarch64
@@ -890,6 +891,9 @@ fi
 %files tests -f .file-list-tests
 
 %changelog
+* Fri Nov 29 2019 systemd maintenance team <systemd-maint@redhat.com> - 239-18.2
+- ask-password: prevent buffer overrow when reading from keyring (#1777037)
+
 * Tue Nov 05 2019 Lukas Nykryn <lnykryn@redhat.com> - 239-18.1
 - journal: rely on _cleanup_free_ to free a temporary string used in client_context_read_cgroup (#1767716)