diff --git a/openldap-2.3.27-ber-decode.patch b/openldap-2.3.27-ber-decode.patch
new file mode 100644
index 0000000..d47da3c
--- /dev/null
+++ b/openldap-2.3.27-ber-decode.patch
@@ -0,0 +1,44 @@
+453637, 453638, 453639, 453640,453444: CVE-2008-2952 OpenLDAP denial-of-service
+flaw in ASN.1 decoder
+
+Source: upstream, cvs diff -r 1.120 -r 1.122 libraries/liblber/io.c
+
+Index: libraries/liblber/io.c
+===================================================================
+RCS file: /repo/OpenLDAP/pkg/ldap/libraries/liblber/io.c,v
+retrieving revision 1.120
+retrieving revision 1.122
+diff -u -r1.120 -r1.122
+--- libraries/liblber/io.c 7 Jan 2008 23:20:03 -0000 1.120
++++ libraries/liblber/io.c 1 Jul 2008 23:33:15 -0000 1.122
+@@ -522,14 +522,18 @@
+ }
+
+ while (ber->ber_rwptr > (char *)&ber->ber_tag && ber->ber_rwptr <
+- (char *)&ber->ber_len + LENSIZE*2 -1) {
++ (char *)&ber->ber_len + LENSIZE*2) {
+ ber_slen_t sblen;
+ char buf[sizeof(ber->ber_len)-1];
+ ber_len_t tlen = 0;
+
++ /* The tag & len can be at most 9 bytes; we try to read up to 8 here */
+ sock_errset(0);
+- sblen=ber_int_sb_read( sb, ber->ber_rwptr,
+- ((char *)&ber->ber_len + LENSIZE*2 - 1)-ber->ber_rwptr);
++ sblen=((char *)&ber->ber_len + LENSIZE*2 - 1)-ber->ber_rwptr;
++ /* Trying to read the last len byte of a 9 byte tag+len */
++ if (sblen<1)
++ sblen = 1;
++ sblen=ber_int_sb_read( sb, ber->ber_rwptr, sblen );
+ if (sblen<=0) return LBER_DEFAULT;
+ ber->ber_rwptr += sblen;
+
+@@ -579,7 +583,7 @@
+ int i;
+ unsigned char *p = (unsigned char *)ber->ber_ptr;
+ int llen = *p++ & 0x7f;
+- if (llen > (int)sizeof(ber_len_t)) {
++ if (llen > LENSIZE) {
+ sock_errset(ERANGE);
+ return LBER_DEFAULT;
+ }
diff --git a/openldap.spec b/openldap.spec
index c693902..6383642 100644
--- a/openldap.spec
+++ b/openldap.spec
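Review bot: The patch header names the upstream revisions (`cvs diff -r 1.120 -r 1.122`) but not the packaged release it was checked against, and the file name says 2.3.27 while the changelog entry added to openldap.spec is for 2.4.10-2. The inner hunk positions (`@@ -522,14 +522,18 @@`, `@@ -579,7 +583,7 @@`) are those of upstream revision 1.120, so patch(1) may have to apply them at an offset or with fuzz against the packaged io.c; for a bounds change in the tag/length read loop that is worth confirming in the build log, in particular that `if (llen > LENSIZE) {` replaced the `sizeof(ber_len_t)` comparison and not a similar-looking line. I would add a header line such as `Checked against: openldap-2.4.10 libraries/liblber/io.c, applies without fuzz`. Both inner hunks start and end inside a function whose name, and the definition of `LENSIZE`, are not visible here.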
@@ -11,7 +11,7 @@ Summary: The configuration files, libraries, and documentation for OpenLDAP Name: openldap Version: %{version} -Release: 1%{?dist} +Release: 2%{?dist} License: OpenLDAP Group: System Environment/Daemons Source0: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version}.tgz @@ -34,6 +34,7 @@ Patch5: openldap-2.4.6-nosql.patch Patch6: openldap-2.3.19-gethostbyXXXX_r.patch Patch9: openldap-2.3.37-smbk5pwd.patch Patch10: openldap-2.4.6-multilib.patch +Patch11: openldap-2.3.27-ber-decode.patch # Patches for the evolution library Patch200: openldap-2.4.6-evolution-ntlm.patch @@ -131,6 +132,7 @@ pushd openldap-%{version} %patch6 -p1 -b .gethostbyname_r %patch9 -p1 -b .smbk5pwd %patch10 -p1 -b .multilib +%patch11 -p0 -b .ber-decode cp %{_datadir}/libtool/config.{sub,guess} build/ popd @@ -597,6 +599,9 @@ fi %attr(0644,root,root) %{evolution_connector_libdir}/*.a %changelog +* Wed Jul 2 2008 Jan Safranek 2.4.10-2 +- fix CVE-2008-2952 (#453728) + * Thu Jun 12 2008 Jan Safranek 2.4.10-1 - new upstream release
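Review bot: `%patch11 -p0 -b .ber-decode` in the third hunk is the only patch in this run applied with `-p0`, while `%patch6`, `%patch9` and `%patch10` use `-p1`, and nothing says why. It looks right, because the paths inside the patch are `libraries/liblber/io.c` with no leading directory and the hunk header shows `pushd openldap-%{version}` preceding these lines, but whoever refreshes the patch from a git-style diff will have to change the strip level as well and has no hint of that. A comment above the line, `# cvs diff output: paths are relative to the source root, hence -p0`, and one above `Patch11:` in the second hunk, `# CVE-2008-2952: liblber BER length decoding (upstream io.c 1.120 -> 1.122)`, would make the security fix easy to find and to drop when rebasing onto a release that already contains it. The `%prep` section continues outside the hunk.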