diff --git a/0001-Remove-exploitable-LD_BIND_NOW-hack-CVE-2009-1894.patch b/0001-Remove-exploitable-LD_BIND_NOW-hack-CVE-2009-1894.patch
new file mode 100644
index 0000000..4cb8217
--- /dev/null
+++ b/0001-Remove-exploitable-LD_BIND_NOW-hack-CVE-2009-1894.patch
@@ -0,0 +1,85 @@
+From 84200b423ebfa7e2dad9b1b65f64eac7bf3d2114 Mon Sep 17 00:00:00 2001
+From: =?utf-8?q?Diego=20Elio=20'Flameeyes'=20Petten=C3=B2?=
+Date: Tue, 7 Jul 2009 20:51:53 +0200
+Subject: [PATCH] Remove exploitable LD_BIND_NOW hack (CVE-2009-1894).
+
+Instead of trying to re-execute pulseaudio itself with LD_BIND_NOW set,
+just find the correct flag for the linker to request immediate bindings
+(all ELF files support that option), and use that when linking the daemon.
+
+Reduce the amount of compiled and executed code as well.
+---
+ configure.ac | 6 ++++++
+ src/Makefile.am | 4 ++--
+ src/daemon/main.c | 22 ----------------------
+ 3 files changed, 8 insertions(+), 24 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 9c96d1c..cc7f674 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -113,6 +113,12 @@ CC_CHECK_LDFLAGS([${tmp_ldflag}],
+ [VERSIONING_LDFLAGS='-Wl,-version-script=$(srcdir)/map-file'])
+ AC_SUBST([VERSIONING_LDFLAGS])
+ 
++dnl Use immediate (now) bindings; avoids the funky re-call in itself
++dnl the -z now syntax is lifted from Sun's linker and works with GNU's too
++dnl other linkes might be added later
++CC_CHECK_LDFLAGS([-Wl,-z,now], [IMMEDIATE_LDFLAGS="-Wl,-z,now"])
++AC_SUBST([IMMEDIATE_LDFLAGS])
++
+ dnl Check for the proper way to build libraries that have no undefined
+ dnl symbols; on some hosts this needs to be avoided but the macro
+ dnl takes care of it.
+diff --git a/src/Makefile.am b/src/Makefile.am
+index 7ebf1f8..ac627c8 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -183,9 +183,9 @@ PREOPEN_LIBS = $(modlibexec_LTLIBRARIES)
+ endif
+ 
+ if FORCE_PREOPEN
+-pulseaudio_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) -dlpreopen force $(foreach f,$(PREOPEN_LIBS),-dlpreopen $(f))
++pulseaudio_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) $(IMMEDIATE_LDFLAGS) -dlpreopen force $(foreach f,$(PREOPEN_LIBS),-dlpreopen $(f))
+ else
+-pulseaudio_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) -dlopen force $(foreach f,$(PREOPEN_LIBS),-dlopen $(f))
++pulseaudio_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) $(IMMEDIATE_LDFLAGS) -dlopen force $(foreach f,$(PREOPEN_LIBS),-dlopen $(f))
+ endif
+ 
+ ###################################
+diff --git a/src/daemon/main.c b/src/daemon/main.c
+index eb378d2..0f6fc90 100644
+--- a/src/daemon/main.c
++++ b/src/daemon/main.c
+@@ -401,28 +401,6 @@ int main(int argc, char *argv[]) {
+ pa_log_set_level(PA_LOG_NOTICE);
+ pa_log_set_flags(PA_LOG_COLORS|PA_LOG_PRINT_FILE|PA_LOG_PRINT_LEVEL, PA_LOG_RESET);
+ 
+-#if defined(__linux__) && defined(__OPTIMIZE__)
+- /*
+- Disable lazy relocations to make usage of external libraries
+- more deterministic for our RT threads. We abuse __OPTIMIZE__ as
+- a check whether we are a debug build or not.
+- */
+-
+- if (!getenv("LD_BIND_NOW")) {
+- char *rp;
+-
+- /* We have to execute ourselves, because the libc caches the
+- * value of $LD_BIND_NOW on initialization. */
+-
+- pa_set_env("LD_BIND_NOW", "1");
+-
+- if ((rp = pa_readlink("/proc/self/exe")))
+- pa_assert_se(execv(rp, argv) == 0);
+- else
+- pa_log_warn("Couldn't read /proc/self/exe, cannot self execute. Running in a chroot()?");
+- }
+-#endif
+-
+ if ((e = getenv("PULSE_PASSED_FD"))) {
+ passed_fd = atoi(e);
+ 
+-- 
+1.6.3.3
+
diff --git a/pulseaudio.spec b/pulseaudio.spec
index 649eeb8..70509cc 100644
--- a/pulseaudio.spec
+++ b/pulseaudio.spec
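Review bot: The `CC_CHECK_LDFLAGS([-Wl,-z,now], [IMMEDIATE_LDFLAGS="-Wl,-z,now"])` line in the configure.ac part of the added patch has no action-if-not-found, so on a linker that rejects `-z now` `IMMEDIATE_LDFLAGS` stays empty and the daemon is linked with lazy binding, which is exactly the condition the removed re-exec was there to prevent, and nothing reports it. Adding a third argument such as `[AC_MSG_WARN([linker does not support -z now; lazy binding remains enabled])]` would make the fallback visible at configure time. The old code set `LD_BIND_NOW` for the whole process, while `-z now` in `pulseaudio_LDFLAGS` marks only the daemon executable; whether the dynamic loader then also binds shared libraries and dlopen'ed modules eagerly is loader-specific and worth confirming, since the RT-thread determinism the removed comment describes depends on it. The new comment `dnl other linkes might be added later` should read `linkers`; as this looks like an upstream commit carried verbatim, that is best fixed upstream rather than in the packaged copy.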
@@ -3,7 +3,7 @@
 Name: pulseaudio
 Summary: Improved Linux sound server
 Version: 0.9.15
-Release: 14%{?dist}
+Release: 15%{?dist}
 License: GPLv2+
 Group: System Environment/Daemons
 Source0: http://0pointer.de/lennart/projects/pulseaudio/pulseaudio-%{version}.tar.gz
@@ -36,6 +36,7 @@ Patch25: 0001-core-cache-requested-latency-only-when-we-are-runni.patch
 Patch26: 0001-sample-fix-build-on-BE-archs.patch
 Patch27: 0001-alsa-properly-convert-return-values-of-snd_strerror.patch
 Patch28: 0001-alsa-remove-debug-code.patch
+Patch29: 0001-Remove-exploitable-LD_BIND_NOW-hack-CVE-2009-1894.patch
 URL: http://pulseaudio.org
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: m4
@@ -244,6 +245,7 @@ This package contains command line utilities for the PulseAudio sound server.
 %patch26 -p1
 %patch27 -p1
 %patch28 -p1
+%patch29 -p1
 
 %build
 CFLAGS="-ggdb" %configure --disable-static --disable-rpath --with-system-user=pulse --with-system-group=pulse --with-realtime-group=pulse-rt --with-access-group=pulse-access
@@ -464,6 +466,9 @@ groupadd -r pulse-access &>/dev/null || :
 %{_mandir}/man1/pax11publish.1.gz
 
 %changelog
+* Tue Jul 28 2009 Lennart Poettering 0.9.15-15
+- Fix bug 510071
+
 * Tue Jun 9 2009 Lennart Poettering 0.9.15-14
 - Fix mmap() related segfault
 - Closes #504750