diff --git a/SOURCES/0001-Disable-logfile-and-modulepath-when-running-with-ele.patch b/SOURCES/0001-Disable-logfile-and-modulepath-when-running-with-ele.patch
new file mode 100644
index 0000000..9a0769e
--- /dev/null
+++ b/SOURCES/0001-Disable-logfile-and-modulepath-when-running-with-ele.patch
@@ -0,0 +1,54 @@
+From 2fda7c57e7ebe210cf5e2bb051a0a9271f85e80a Mon Sep 17 00:00:00 2001
+From: Matthieu Herrb
+Date: Mon, 22 Oct 2018 14:33:25 -0400
+Subject: [PATCH xserver] Disable -logfile and -modulepath when running with
+ elevated privileges
+
+An unprivileged user was able to overwrite arbitrary files
+in directories in which it is able to chdir, potentially
+leading to privilege elevation.
+
+CVE-2018-14665
+
+An unprivileded user was able to load arbitrary modules
+from user controlled directories, leading to privilege
+elevation.
+
+CVE-2018-XXXXX
+
+Issues reported by Narendra Shinde
+
+Signed-off-by: Matthieu Herrb
+Reviewed-by: Alan Coopersmith
+---
+ hw/xfree86/common/xf86Init.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/hw/xfree86/common/xf86Init.c b/hw/xfree86/common/xf86Init.c
+index 6c25eda739..0f57efa863 100644
+--- a/hw/xfree86/common/xf86Init.c
++++ b/hw/xfree86/common/xf86Init.c
+@@ -935,14 +935,18 @@ ddxProcessArgument(int argc, char **argv, int i)
+ /* First the options that are not allowed with elevated privileges */
+ if (!strcmp(argv[i], "-modulepath")) {
+ CHECK_FOR_REQUIRED_ARGUMENT();
+- xf86CheckPrivs(argv[i], argv[i + 1]);
++ if (xf86PrivsElevated())
++ FatalError("\nInvalid argument -modulepath "
++ "with elevated privileges\n");
+ xf86ModulePath = argv[i + 1];
+ xf86ModPathFrom = X_CMDLINE;
+ return 2;
+ }
+ if (!strcmp(argv[i], "-logfile")) {
+ CHECK_FOR_REQUIRED_ARGUMENT();
+- xf86CheckPrivs(argv[i], argv[i + 1]);
++ if (xf86PrivsElevated())
++ FatalError("\nInvalid argument -logfile "
++ "with elevated privileges\n");
+ xf86LogFile = argv[i + 1];
+ xf86LogFileFrom = X_CMDLINE;
+ return 2;
+--
+2.19.0
+
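Review bot: The new `-modulepath` and `-logfile` guards in ddxProcessArgument are unbraced `if (xf86PrivsElevated()) FatalError(...)` statements, so the assignments `xf86ModulePath = argv[i + 1];` and `xf86LogFile = argv[i + 1];` that follow are kept out of a privileged run only because FatalError() does not return. I would brace both guards and add a comment such as `/* FatalError() does not return: the user-supplied path is never stored when privileges are elevated */`, so that a later edit cannot quietly turn the rejection into a warning. The fix also rests entirely on xf86PrivsElevated(), which is defined outside this hunk; it is worth confirming that it covers setgid and capability-based elevation as well as setuid. The commit message still carries the placeholder `CVE-2018-XXXXX` for the module-loading issue while the spec changelog cites only CVE-2018-14665, so the identifier for that half should be settled for tracking. ddxProcessArgument's body starts and ends outside the hunk.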
diff --git a/SOURCES/0001-modesetting-Hide-atomic-behind-Option-Atomic-boolean.patch b/SOURCES/0001-modesetting-Hide-atomic-behind-Option-Atomic-boolean.patch
new file mode 100644
index 0000000..6ab37ba
--- /dev/null
+++ b/SOURCES/0001-modesetting-Hide-atomic-behind-Option-Atomic-boolean.patch
@@ -0,0 +1,52 @@
+From a22a81a0de76b96b01f32f59fd2a4b4af675d9b1 Mon Sep 17 00:00:00 2001
+From: Adam Jackson
+Date: Fri, 5 Oct 2018 15:12:18 -0400
+Subject: [PATCH] modesetting: Hide atomic behind Option "Atomic" "[boolean]"
+
+You can turn it on if the kernel driver supports it and you ask for it
+explicitly, but right now it's too fragile.
+
+Signed-off-by: Adam Jackson
+---
+ hw/xfree86/drivers/modesetting/driver.c | 5 ++++-
+ hw/xfree86/drivers/modesetting/driver.h | 1 +
+ 2 files changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/hw/xfree86/drivers/modesetting/driver.c b/hw/xfree86/drivers/modesetting/driver.c
+index 24311c1..4fc62e4 100644
+--- a/hw/xfree86/drivers/modesetting/driver.c
++++ b/hw/xfree86/drivers/modesetting/driver.c
+@@ -131,6 +131,7 @@ static const OptionInfoRec Options[] = {
+ {OPTION_PAGEFLIP, "PageFlip", OPTV_BOOLEAN, {0}, FALSE},
+ {OPTION_ZAPHOD_HEADS, "ZaphodHeads", OPTV_STRING, {0}, FALSE},
+ {OPTION_DOUBLE_SHADOW, "DoubleShadow", OPTV_BOOLEAN, {0}, FALSE},
++ {OPTION_ATOMIC, "Atomic", OPTV_BOOLEAN, {0}, FALSE},
+ {-1, NULL, OPTV_NONE, {0}, FALSE}
+ };
+
+@@ -1061,7 +1062,9 @@ PreInit(ScrnInfoPtr pScrn, int flags)
+ }
+
+ ret = drmSetClientCap(ms->fd, DRM_CLIENT_CAP_ATOMIC, 1);
+- ms->atomic_modeset = (ret == 0);
++ if ((ms->atomic_modeset = (ret == 0)))
++ ms->atomic_modeset = xf86ReturnOptValBool(ms->drmmode.Options,
++ OPTION_ATOMIC, FALSE);
+
+ ms->kms_has_modifiers = FALSE;
+ ret = drmGetCap(ms->fd, DRM_CAP_ADDFB2_MODIFIERS, &value);
+diff --git a/hw/xfree86/drivers/modesetting/driver.h b/hw/xfree86/drivers/modesetting/driver.h
+index c8db4b8..46ba78a 100644
+--- a/hw/xfree86/drivers/modesetting/driver.h
++++ b/hw/xfree86/drivers/modesetting/driver.h
+@@ -51,6 +51,7 @@ typedef enum {
+ OPTION_PAGEFLIP,
+ OPTION_ZAPHOD_HEADS,
+ OPTION_DOUBLE_SHADOW,
++ OPTION_ATOMIC,
+ } modesettingOpts;
+
+ typedef struct
+--
+2.19.0
+
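Review bot: In PreInit the DRM_CLIENT_CAP_ATOMIC request is still sent to the kernel before Option "Atomic" is read, so with the default (FALSE) the fd keeps the atomic client capability while the driver takes the legacy path. Reading the option first and calling drmSetClientCap only when it is set would keep kernel-side and driver-side state in agreement. It would also remove the assignment inside the `if` condition, which is easy to misread as a comparison. Whether the left-over capability changes what the kernel exposes on this fd is not visible here, so that part needs confirming. PreInit's body starts and ends outside the hunk.

```c
    /* Only ask the kernel for the atomic client cap when the user opted in. */
    ms->atomic_modeset = FALSE;
    if (xf86ReturnOptValBool(ms->drmmode.Options, OPTION_ATOMIC, FALSE)) {
        ret = drmSetClientCap(ms->fd, DRM_CLIENT_CAP_ATOMIC, 1);
        ms->atomic_modeset = (ret == 0);
    }

    /* … unchanged: kms_has_modifiers probe via drmGetCap … */
```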
diff --git a/SOURCES/0001-xfree86-LeaveVT-from-xf86CrtcCloseScreen.patch b/SOURCES/0001-xfree86-LeaveVT-from-xf86CrtcCloseScreen.patch
new file mode 100644
index 0000000..7234031
--- /dev/null
+++ b/SOURCES/0001-xfree86-LeaveVT-from-xf86CrtcCloseScreen.patch
@@ -0,0 +1,26 @@
+From 1070ffa0953e9200688fc8fae11e3ab0680b86f2 Mon Sep 17 00:00:00 2001
+From: Adam Jackson
+Date: Tue, 9 Oct 2018 12:28:48 -0400
+Subject: [PATCH xserver] xfree86: LeaveVT from xf86CrtcCloseScreen
+
+Signed-off-by: Adam Jackson
+---
+ hw/xfree86/modes/xf86Crtc.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/hw/xfree86/modes/xf86Crtc.c b/hw/xfree86/modes/xf86Crtc.c
+index 37a45bb3af..45d325f4d2 100644
+--- a/hw/xfree86/modes/xf86Crtc.c
++++ b/hw/xfree86/modes/xf86Crtc.c
+@@ -760,6 +760,8 @@ xf86CrtcCloseScreen(ScreenPtr screen)
+ xf86CrtcConfigPtr config = XF86_CRTC_CONFIG_PTR(scrn);
+ int o, c;
+
++ scrn->LeaveVT(scrn);
++
+ /* The randr_output and randr_crtc pointers are already invalid as
+ * the DIX resources were freed when the associated resources were
+ * freed. Clear them now; referencing through them during the rest
+--
+2.19.0
+
diff --git a/SPECS/xorg-x11-server.spec b/SPECS/xorg-x11-server.spec
index c733fd6..098aa22 100644
--- a/SPECS/xorg-x11-server.spec
+++ b/SPECS/xorg-x11-server.spec
@@ -42,7 +42,7 @@ Summary: X.Org X11 X server Name: xorg-x11-server Version: 1.20.1
-Release: 3%{?gitdate:.%{gitdate}}%{?dist}
+Release: 5.1%{?gitdate:.%{gitdate}}%{?dist}
 URL: http://www.x.org License: MIT Group: User Interface/X
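Review bot: The added `scrn->LeaveVT(scrn);` in xf86CrtcCloseScreen runs unconditionally, with no check that the server currently holds the VT or that the driver set the hook. If the screen is closed while switched away, or a driver's own CloseScreen already leaves the VT, LeaveVT would run a second time. A guard such as `if (scrn->vtSema && scrn->LeaveVT) scrn->LeaveVT(scrn);` looks safer, assuming vtSema tracks VT ownership here as it does elsewhere in the server. The commit message gives no reason for the call, so a one-line comment above it saying why the VT must be left before the CRTC teardown would help the next reader. The function's body continues outside the hunk.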
@@ -105,6 +105,9 @@ Patch9751: 0001-glamor_egl-Don-t-initialize-on-llvmpipe.patch Patch9752: 0001-xwayland-Don-t-initialize-glamor-on-llvmpipe.patch Patch9753: 0001-linux-Make-platform-device-probe-less-fragile.patch Patch9754: 0001-xfree86-try-harder-to-span-on-multihead.patch +Patch9755: 0001-modesetting-Hide-atomic-behind-Option-Atomic-boolean.patch +Patch9756: 0001-xfree86-LeaveVT-from-xf86CrtcCloseScreen.patch +Patch9757: 0001-Disable-logfile-and-modulepath-when-running-with-ele.patch %global moduledir %{_libdir}/xorg/modules %global drimoduledir %{_libdir}/dri @@ -587,6 +590,16 @@ rm -rf $RPM_BUILD_ROOT %{xserver_source_dir} %changelog +* Mon Oct 22 2018 Adam Jackson - 1.20.1-5.1 +- CVE-2018-14665: Disable -logfile and -modulepath when running with elevated + privileges + +* Tue Oct 09 2018 Adam Jackson - 1.20.1-5 +- Call LeaveVT from xf86CrtcCloseScreen + +* Fri Oct 05 2018 Adam Jackson - 1.20.1-4 +- Hide the modesetting driver's atomic ioctl support behind Option "Atomic" + * Mon Sep 24 2018 Adam Jackson - 1.20.1-3 - Try harder to come up with an initial spanning configuration