diff --git a/openldap-2.4.19-modrdn-segfault.patch b/openldap-2.4.19-modrdn-segfault.patch
new file mode 100644
index 0000000..7e7bfca
--- /dev/null
+++ b/openldap-2.4.19-modrdn-segfault.patch
@@ -0,0 +1,74 @@
+bz #605448 CVE-2010-0211 openldap: modrdn processing uninitialized pointer free
+bz #605452 CVE-2010-0212 openldap: modrdn processing IA5StringNormalize NULL pointer dereference
+
+diff -ru openldap-2.4.19.old/servers/slapd/dn.c openldap-2.4.19.new/servers/slapd/dn.c
+--- openldap-2.4.19.old/servers/slapd/dn.c 2009-08-13 01:38:56.000000000 +0200
++++ openldap-2.4.19.new/servers/slapd/dn.c 2010-07-20 18:42:20.065806556 +0200
+@@ -302,16 +302,13 @@
+ ava->la_attr = ad->ad_cname;
+ 
+ if( ava->la_flags & LDAP_AVA_BINARY ) {
+- if( ava->la_value.bv_len == 0 ) {
+- /* BER encoding is empty */
+- return LDAP_INVALID_SYNTAX;
+- }
++ /* AVA is binary encoded, not supported */
++ return LDAP_INVALID_SYNTAX;
+ 
+ /* Do not allow X-ORDERED 'VALUES' naming attributes */
+ } else if( ad->ad_type->sat_flags & SLAP_AT_ORDERED_VAL ) {
+ return LDAP_INVALID_SYNTAX;
+ 
+- /* AVA is binary encoded, don't muck with it */
+ } else if( flags & SLAP_LDAPDN_PRETTY ) {
+ transf = ad->ad_type->sat_syntax->ssyn_pretty;
+ if( !transf ) {
+@@ -379,6 +376,10 @@
+ ava->la_value = bv;
+ ava->la_flags |= LDAP_AVA_FREE_VALUE;
+ }
++ /* reject empty values */
++ if (!ava->la_value.bv_len) {
++ return LDAP_INVALID_SYNTAX;
++ }
+ }
+ rc = LDAP_SUCCESS;
+ 
+diff -ru openldap-2.4.19.old/servers/slapd/modrdn.c openldap-2.4.19.new/servers/slapd/modrdn.c
+--- openldap-2.4.19.old/servers/slapd/modrdn.c 2009-01-22 01:01:01.000000000 +0100
++++ openldap-2.4.19.new/servers/slapd/modrdn.c 2010-07-20 18:42:20.065806556 +0200
+@@ -445,12 +445,19 @@
+ mod_tmp->sml_values[1].bv_val = NULL;
+ if( desc->ad_type->sat_equality->smr_normalize) {
+ mod_tmp->sml_nvalues = ( BerVarray )ch_malloc( 2 * sizeof( struct berval ) );
+- (void) (*desc->ad_type->sat_equality->smr_normalize)(
++ rs->sr_err = desc->ad_type->sat_equality->smr_normalize(
+ SLAP_MR_EQUALITY|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
+ desc->ad_type->sat_syntax,
+ desc->ad_type->sat_equality,
+ &mod_tmp->sml_values[0],
+ &mod_tmp->sml_nvalues[0], NULL );
++ if (rs->sr_err != LDAP_SUCCESS) {
++ ch_free(mod_tmp->sml_nvalues);
++ ch_free(mod_tmp->sml_values[0].bv_val);
++ ch_free(mod_tmp->sml_values);
++ ch_free(mod_tmp);
++ goto done;
++ }
+ mod_tmp->sml_nvalues[1].bv_val = NULL;
+ } else {
+ mod_tmp->sml_nvalues = NULL;
+diff -ru openldap-2.4.19.old/servers/slapd/schema_init.c openldap-2.4.19.new/servers/slapd/schema_init.c
+--- openldap-2.4.19.old/servers/slapd/schema_init.c 2009-08-13 02:35:54.000000000 +0200
++++ openldap-2.4.19.new/servers/slapd/schema_init.c 2010-07-20 18:42:20.069806353 +0200
+@@ -1732,8 +1732,9 @@
+ ? LDAP_UTF8_APPROX : 0;
+ 
+ val = UTF8bvnormalize( val, &tmp, flags, ctx );
++ /* out of memory or syntax error, the former is unlikely */
+ if( val == NULL ) {
+- return LDAP_OTHER;
++ return LDAP_INVALID_SYNTAX;
+ }
+ 
+ /* collapse spaces (in place) */
diff --git a/openldap.spec b/openldap.spec
index e82fe35..a40f5af 100644
--- a/openldap.spec
+++ b/openldap.spec
@@ -11,7 +11,7 @@
 Summary: LDAP support libraries
 Name: openldap
 Version: %{version}
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: OpenLDAP
 Group: System Environment/Daemons
 Source0: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version}.tgz
@@ -37,6 +37,7 @@ Patch10: openldap-2.4.6-multilib.patch
 Patch11: openldap-2.4.16-doc-cacertdir.patch
 Patch12: openldap-2.4.19-tls-accept.patch
 Patch13: openldap-2.4.19-dn2id-segfault.patch
+Patch14: openldap-2.4.19-modrdn-segfault.patch
 # Patches for the evolution library
 Patch200: openldap-2.4.6-evolution-ntlm.patch
@@ -134,6 +135,7 @@ pushd openldap-%{version}
 %patch11 -p1 -b .cacertdir
 %patch12 -p1 -b .tls-accept
 %patch13 -p1 -b .segfault
+%patch14 -p1 -b .modrdn-segfault
 cp %{_datadir}/libtool/config/config.{sub,guess} build/
 popd
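Review bot: In the modrdn.c hunk of the added patch, the new failure branch after `smr_normalize()` reaches `goto done` with only `rs->sr_err` set, so as far as the hunk shows the client gets a bare result code and nothing records which RDN value was rejected; consider adding `rs->sr_text = "new RDN value failed normalization";` before the jump (the message text is only a suggestion). The branch should also carry a comment explaining why `sml_nvalues[0].bv_val` is deliberately not freed, for example `/* normalizer failed: sml_nvalues[0] was presumably never filled in, release only the array */`, because freeing that slot is the defect the patch header names (CVE-2010-0211) and a later cleanup refactor could reintroduce it. The enclosing function starts and ends outside the hunk, so it cannot be confirmed from here whether other `smr_normalize` calls in it still discard their result with `(void)`; that is worth checking before this build ships.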
@@ -635,6 +637,10 @@ fi
 %attr(0644,root,root) %{evolution_connector_libdir}/*.a
 %changelog
+* Tue Jul 20 2010 Jan Vcelak - 2.4.19-6
+- CVE-2010-0211 openldap: modrdn processing uninitialized pointer free (#605448)
+- CVE-2010-0212 openldap: modrdn processing IA5StringNormalize NULL pointer dereference (#605452)
+
 * Fri Jun 25 2010 Jan Zeleny - 2.4.19-5
 - fixed regression caused by tls accept patch
 - updated autofs schema (#587722)