diff --git a/cups-str4500.patch b/cups-str4500.patch
new file mode 100644
index 0000000..cabe572
--- /dev/null
+++ b/cups-str4500.patch
@@ -0,0 +1,16 @@
+diff -up cups-2.0.0/cups/util.c.str4500 cups-2.0.0/cups/util.c
+--- cups-2.0.0/cups/util.c.str4500 2014-10-15 12:59:27.105942488 +0100
++++ cups-2.0.0/cups/util.c 2014-10-15 13:03:38.618187112 +0100
+@@ -846,10 +846,10 @@ cupsGetPPD3(http_t *http, /* I - H
+
+ snprintf(ppdname, sizeof(ppdname), "%s/ppd/%s.ppd", cg->cups_serverroot,
+ name);
+- if (!stat(ppdname, &ppdinfo))
++ if (!stat(ppdname, &ppdinfo) && !access(ppdname, R_OK))
+ {
+ /*
+- * OK, the file exists, use it!
++ * OK, the file exists and is readable, use it!
+ */
+
+ if (buffer[0])
diff --git a/cups.spec b/cups.spec
index 390b025..ae2d834 100644
--- a/cups.spec
+++ b/cups.spec
@@ -11,7 +11,7 @@ Summary: CUPS printing system
 Name: cups
 Epoch: 1
 Version: 1.6.4
-Release: 11%{?dist}
+Release: 12%{?dist}
 License: GPLv2
 Group: System Environment/Daemons
 Url: http://www.cups.org/
@@ -79,6 +79,7 @@ Patch48: cups-CVE-2014-5029-5030-5031.patch
 Patch49: cups-str4461.patch
 Patch50: cups-str4396.patch
 Patch51: cups-str2913.patch
+Patch52: cups-str4500.patch
 Patch100: cups-lspp.patch
@@ -298,6 +299,9 @@ Sends IPP requests to the specified URI and tests and/or displays the results.
 # Upstream patch for STR #2913 to limit Get-Jobs replies to 500 jobs
 # (bug #421671).
 %patch51 -p1 -b .str2913
+# Fix cupsGetPPD3() so it doesn't give the caller an unreadable file
+# (bug #1150917, STR #4500).
+%patch52 -p1 -b .str4500
 %if %lspp
 # LSPP support.
@@ -686,6 +690,10 @@ rm -f %{cups_serverbin}/backend/smb
 %{_mandir}/man5/ipptoolfile.5.gz
 %changelog
+* Sun Nov 23 2014 Tim Waugh - 1:1.6.4-12
+- Fix cupsGetPPD3() so it doesn't give the caller an unreadable file
+ (bug #1150917, STR #4500).
+
 * Mon Sep 1 2014 Tim Waugh - 1:1.6.4-11
 - More STR #4461 fixes from upstream.
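Review bot: The added `!access(ppdname, R_OK)` test in the cupsGetPPD3() hunk of cups-str4500.patch is only advisory and should be documented as such: access() answers for the real UID/GID rather than the effective ones, and the file at `ppdname` can be replaced or have its mode changed between this check and the moment the path is actually opened. If libcups is ever loaded by a set-id program, the result can disagree with what a later open() does, in either direction. Because the decision is still made by path name, consider probing with `int fd = open(ppdname, O_RDONLY);` followed by `fstat(fd, &ppdinfo)` so that existence and readability refer to the same object, or at least reword the comment to `OK, the file exists and looks readable to the real user (advisory check), use it!`. The body of cupsGetPPD3() continues outside the hunk, so how the unreadable case falls through cannot be confirmed from the lines shown.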