diff --git a/libtomcrypt-CVE-2016-6129.patch b/libtomcrypt-CVE-2016-6129.patch
new file mode 100644
index 0000000..32351da
--- /dev/null
+++ b/libtomcrypt-CVE-2016-6129.patch
@@ -0,0 +1,28 @@
+diff -Naur libtomcrypt-1.17.old/src/pk/rsa/rsa_verify_hash.c libtomcrypt-1.17/src/pk/rsa/rsa_verify_hash.c
+--- libtomcrypt-1.17.old/src/pk/rsa/rsa_verify_hash.c	2017-06-25 22:53:28.345381447 +0200
++++ libtomcrypt-1.17/src/pk/rsa/rsa_verify_hash.c	2017-06-25 22:53:33.766484337 +0200
+@@ -96,7 +96,7 @@
+   } else {
+     /* LTC_PKCS #1 v1.5 decode it */
+     unsigned char *out;
+-    unsigned long outlen, loid[16];
++    unsigned long outlen, loid[16], reallen;
+     int           decoded;
+     ltc_asn1_list digestinfo[2], siginfo[2];
+ 
+@@ -138,8 +138,14 @@
+        goto bail_2;
+     }
+ 
++    if ((err = der_length_sequence(siginfo, 2, &reallen)) != CRYPT_OK) {
++       XFREE(out);
++       goto bail_2;
++    }
++
+     /* test OID */
+-    if ((digestinfo[0].size == hash_descriptor[hash_idx].OIDlen) &&
++    if ((reallen == outlen) &&
++        (digestinfo[0].size == hash_descriptor[hash_idx].OIDlen) &&
+         (XMEMCMP(digestinfo[0].data, hash_descriptor[hash_idx].OID, sizeof(unsigned long) * hash_descriptor[hash_idx].OIDlen) == 0) &&
+         (siginfo[1].size == hashlen) &&
+         (XMEMCMP(siginfo[1].data, hash, hashlen) == 0)) {
diff --git a/libtomcrypt.spec b/libtomcrypt.spec
index 2f85ef3..d888f03 100644
--- a/libtomcrypt.spec
+++ b/libtomcrypt.spec
@@ -1,6 +1,6 @@
 Name:           libtomcrypt
 Version:        1.17
-Release:        24%{?dist}
+Release:        25%{?dist}
 Summary:        A comprehensive, portable cryptographic toolkit
 License:        Public Domain
 URL:            http://www.libtom.net/
@@ -9,6 +9,7 @@ Source0:        https://github.com/libtom/%{name}/releases/download/%{version}/c
 Patch0:         %{name}-makefile.patch
 Patch1:         %{name}-pkgconfig.patch
 Patch2:         %{name}-two-key-triple-des.patch
+Patch3:         %{name}-CVE-2016-6129.patch
 
 BuildRequires:  ghostscript
 BuildRequires:  libtommath-devel >= 0.42.0-3
@@ -58,6 +59,7 @@ The %{name}-doc package contains documentation for use with %{name}.
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
 
 %build
 # No configure script ships with libtomcrypt. Its only requirement is ANSI C and
@@ -111,6 +113,9 @@ find %{buildroot} -name 'libtomcrypt_prof*' -delete
 %doc LICENSE doc/crypt.pdf
 
 %changelog
+* Sun Jun 25 2017 Simone Caronni <negativo17@gmail.com> - 1.17-25
+- Fix CVE-2016-6129 (#1370955, #1370957).
+
 * Sun Jun 25 2017 Simone Caronni <negativo17@gmail.com> - 1.17-24
 - Update URLs (#1463608, #1463547)