diff --git a/ruby-2.4.3-Fix-Command-injection-in-lib-resolv-lazy_initialize.patch b/ruby-2.4.3-Fix-Command-injection-in-lib-resolv-lazy_initialize.patch
new file mode 100644
index 0000000..451b3cd
--- /dev/null
+++ b/ruby-2.4.3-Fix-Command-injection-in-lib-resolv-lazy_initialize.patch
@@ -0,0 +1,29 @@
+From e7464561b5151501beb356fc750d5dd1a88014f7 Mon Sep 17 00:00:00 2001
+From: nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
+Date: Wed, 20 Dec 2017 04:18:31 +0000
+Subject: [PATCH] Fixed command Injection
+
+* resolv.rb (Resolv::Hosts#lazy_initialize): fixed potential
+  command Injection in Hosts::new() by use of Kernel#open.
+  [Fix GH-1777] [ruby-core:84347] [Bug #14205]
+
+From: Drigg3r <drigg3r@yandex.com>
+
+git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61349 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
+---
+ lib/resolv.rb | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/resolv.rb b/lib/resolv.rb
+index 1044b95e6810..56183b837d81 100644
+--- a/lib/resolv.rb
++++ b/lib/resolv.rb
+@@ -188,7 +188,7 @@ def lazy_initialize # :nodoc:
+         unless @initialized
+           @name2addr = {}
+           @addr2name = {}
+-          open(@filename, 'rb') {|f|
++          File.open(@filename, 'rb') {|f|
+             f.each {|line|
+               line.sub!(/#.*/, '')
+               addr, hostname, *aliases = line.split(/\s+/)
diff --git a/ruby.spec b/ruby.spec
index a944bb5..7cc8774 100644
--- a/ruby.spec
+++ b/ruby.spec
@@ -127,6 +127,10 @@ Patch7: ruby-2.2.3-Generate-preludes-using-miniruby.patch
 # hardening features of glibc (rhbz#1361037).
 # https://bugs.ruby-lang.org/issues/12666
 Patch9: ruby-2.3.1-Rely-on-ldd-to-detect-glibc.patch
+# Fix: Command injection in lib/resolv.rb:lazy_initialize()
+# https://bugzilla.redhat.com/show_bug.cgi?id=1528226
+# https://github.com/ruby/ruby/commit/e7464561b5151501beb356fc750d5dd1a88014f7
+Patch10: ruby-2.4.3-Fix-Command-injection-in-lib-resolv-lazy_initialize.patch
 
 Requires: %{name}-libs%{?_isa} = %{version}-%{release}
 Suggests: rubypick
@@ -1023,6 +1027,7 @@ make check TESTS="-v $DISABLE_TESTS"
 %changelog
 * Thu Dec 21 2017 Pavel Valena <pvalena@redhat.com> - 2.4.3-86
 - Update to Ruby 2.4.3.
+- Fix: Command injection in lib/resolv.rb:lazy_initialize() (rhbz#1528226)
 
 * Fri Oct 27 2017 Jun Aruga <jaruga@redhat.com> - 2.4.2-86
 - Improve "with" conditional statement as inline.