diff --git a/SOURCES/0001-Disable-logfile-and-modulepath-when-running-with-ele.patch b/SOURCES/0001-Disable-logfile-and-modulepath-when-running-with-ele.patch
new file mode 100644
index 0000000..9a0769e
--- /dev/null
+++ b/SOURCES/0001-Disable-logfile-and-modulepath-when-running-with-ele.patch
@@ -0,0 +1,54 @@
+From 2fda7c57e7ebe210cf5e2bb051a0a9271f85e80a Mon Sep 17 00:00:00 2001
+From: Matthieu Herrb
+Date: Mon, 22 Oct 2018 14:33:25 -0400
+Subject: [PATCH xserver] Disable -logfile and -modulepath when running with
+ elevated privileges
+
+An unprivileged user was able to overwrite arbitrary files
+in directories in which it is able to chdir, potentially
+leading to privilege elevation.
+
+CVE-2018-14665
+
+An unprivileded user was able to load arbitrary modules
+from user controlled directories, leading to privilege
+elevation.
+
+CVE-2018-XXXXX
+
+Issues reported by Narendra Shinde
+
+Signed-off-by: Matthieu Herrb
+Reviewed-by: Alan Coopersmith
+---
+ hw/xfree86/common/xf86Init.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/hw/xfree86/common/xf86Init.c b/hw/xfree86/common/xf86Init.c
+index 6c25eda739..0f57efa863 100644
+--- a/hw/xfree86/common/xf86Init.c
++++ b/hw/xfree86/common/xf86Init.c
+@@ -935,14 +935,18 @@ ddxProcessArgument(int argc, char **argv, int i)
+ /* First the options that are not allowed with elevated privileges */
+ if (!strcmp(argv[i], "-modulepath")) {
+ CHECK_FOR_REQUIRED_ARGUMENT();
+- xf86CheckPrivs(argv[i], argv[i + 1]);
++ if (xf86PrivsElevated())
++ FatalError("\nInvalid argument -modulepath "
++ "with elevated privileges\n");
+ xf86ModulePath = argv[i + 1];
+ xf86ModPathFrom = X_CMDLINE;
+ return 2;
+ }
+ if (!strcmp(argv[i], "-logfile")) {
+ CHECK_FOR_REQUIRED_ARGUMENT();
+- xf86CheckPrivs(argv[i], argv[i + 1]);
++ if (xf86PrivsElevated())
++ FatalError("\nInvalid argument -logfile "
++ "with elevated privileges\n");
+ xf86LogFile = argv[i + 1];
+ xf86LogFileFrom = X_CMDLINE;
+ return 2;
+--
+2.19.0
+
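Review bot: Both new guards in ddxProcessArgument are unbraced `if (xf86PrivsElevated())` statements followed directly by the assignment they are meant to prevent (`xf86ModulePath = argv[i + 1];` and `xf86LogFile = argv[i + 1];`), so the fix holds only as long as FatalError() never returns; I would brace both bodies and add a comment such as `/* Elevated start: reject outright, a caller-supplied path must not reach the module loader or the log writer. */`. The patch header still carries the placeholder `CVE-2018-XXXXX` and the typo "unprivileded" for the -modulepath issue, so anyone searching the patch text for an identifier finds only CVE-2018-14665; a packaging note stating that both options are covered would help. Only the command-line path is visible here and the body of ddxProcessArgument continues outside the hunk, so it is worth confirming that any other source of the module path or log file name is restricted in the same way when xf86PrivsElevated() is true.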
diff --git a/SOURCES/0001-xfree86-LeaveVT-from-xf86CrtcCloseScreen.patch b/SOURCES/0001-xfree86-LeaveVT-from-xf86CrtcCloseScreen.patch index 7234031..e5d4c07 100644 --- a/SOURCES/0001-xfree86-LeaveVT-from-xf86CrtcCloseScreen.patch +++ b/SOURCES/0001-xfree86-LeaveVT-from-xf86CrtcCloseScreen.patch @@ -1,26 +1,27 @@ -From 1070ffa0953e9200688fc8fae11e3ab0680b86f2 Mon Sep 17 00:00:00 2001 +From 13118f3052e870c3cef6260235b489a288df5a59 Mon Sep 17 00:00:00 2001 From: Adam Jackson Date: Tue, 9 Oct 2018 12:28:48 -0400 Subject: [PATCH xserver] xfree86: LeaveVT from xf86CrtcCloseScreen Signed-off-by: Adam Jackson +Signed-off-by: Olivier Fourdan --- hw/xfree86/modes/xf86Crtc.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hw/xfree86/modes/xf86Crtc.c b/hw/xfree86/modes/xf86Crtc.c -index 37a45bb3af..45d325f4d2 100644 +index 686cb51..710a41d 100644 --- a/hw/xfree86/modes/xf86Crtc.c +++ b/hw/xfree86/modes/xf86Crtc.c -@@ -760,6 +760,8 @@ xf86CrtcCloseScreen(ScreenPtr screen) - xf86CrtcConfigPtr config = XF86_CRTC_CONFIG_PTR(scrn); - int o, c; +@@ -776,6 +776,8 @@ xf86CrtcCloseScreen(ScreenPtr screen) + crtc->randr_crtc = NULL; + } + scrn->LeaveVT(scrn); + - /* The randr_output and randr_crtc pointers are already invalid as - * the DIX resources were freed when the associated resources were - * freed. Clear them now; referencing through them during the rest + screen->CloseScreen = config->CloseScreen; + + xf86RotateCloseScreen(screen); -- -2.19.0 +2.19.1 diff --git a/SPECS/xorg-x11-server.spec b/SPECS/xorg-x11-server.spec index 50716bb..d0fdeac 100644 --- a/SPECS/xorg-x11-server.spec +++ b/SPECS/xorg-x11-server.spec @@ -42,7 +42,7 @@ Summary: X.Org X11 X server Name: xorg-x11-server Version: 1.20.1 -Release: 5%{?gitdate:.%{gitdate}}%{?dist} +Release: 5.2%{?gitdate:.%{gitdate}}%{?dist} URL: http://www.x.org License: MIT Group: User Interface/X 
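Review bot: The relocated `scrn->LeaveVT(scrn);` in xf86CrtcCloseScreen is still called unconditionally, with no check visible in the hunk that the screen currently owns the VT; if CloseScreen can run while the server is switched away, the driver's LeaveVT would run a second time, so a guard such as `if (scrn->vtSema) scrn->LeaveVT(scrn);` is worth considering. The refreshed patch also has no commit body, so the reason for the new position (after `crtc->randr_crtc = NULL;`, before `screen->CloseScreen` is restored) is recorded only in the spec changelog; a one-line comment above the call, e.g. `/* Leave the VT only after the stale RandR pointers are cleared */`, would keep it with the code. The function body starts and ends outside the hunk.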
@@ -107,6 +107,7 @@ Patch9753: 0001-linux-Make-platform-device-probe-less-fragile.patch Patch9754: 0001-xfree86-try-harder-to-span-on-multihead.patch Patch9755: 0001-modesetting-Hide-atomic-behind-Option-Atomic-boolean.patch Patch9756: 0001-xfree86-LeaveVT-from-xf86CrtcCloseScreen.patch +Patch9757: 0001-Disable-logfile-and-modulepath-when-running-with-ele.patch %global moduledir %{_libdir}/xorg/modules %global drimoduledir %{_libdir}/dri @@ -589,6 +590,13 @@ rm -rf $RPM_BUILD_ROOT %{xserver_source_dir} %changelog +* Fri Nov 23 2018 Olivier Fourdan - 1.20.1-5.2 +- Move LeaveVT after resetting randr pointers in xf86CrtcCloseScreen + +* Mon Oct 22 2018 Adam Jackson - 1.20.1-5.1 +- CVE-2018-14665: Disable -logfile and -modulepath when running with elevated + privileges + * Tue Oct 09 2018 Adam Jackson - 1.20.1-5 - Call LeaveVT from xf86CrtcCloseScreen