diff --git a/am-utils-6.1.5-expn-temp.patch b/am-utils-6.1.5-expn-temp.patch
new file mode 100644
index 0000000..a2f1b94
--- /dev/null
+++ b/am-utils-6.1.5-expn-temp.patch
@@ -0,0 +1,26 @@
+
+CVE-2008-1078 am-utils: insecure usage of temporary files
+
+Addresses-Red-Hat-Bugzilla: #435420
+Signed-off-by: Karel Zak
+
+diff -up am-utils-6.1.5/scripts/expn.in.kzak am-utils-6.1.5/scripts/expn.in
+--- am-utils-6.1.5/scripts/expn.in.kzak 2008-05-29 12:43:19.000000000 +0200
++++ am-utils-6.1.5/scripts/expn.in 2008-05-29 12:44:20.000000000 +0200
+@@ -9,6 +9,7 @@
+ # hardcoded constants, should work fine for BSD-based systems
+ #require 'sys/socket.ph'; # perl 4
+ use Socket; # perl 5
++use Fcntl
+ $AF_INET = &AF_INET;
+ $SOCK_STREAM = &SOCK_STREAM;
+@@ -1009,7 +1010,7 @@ sub mxlookup
+ }
+
+ $0 = "$av0 - nslookup of $server";
+- open(T,">/tmp/expn$$") || die "open > /tmp/expn$$: $!\n";
++ sysopen(T,"/tmp/expn$$", O_EXCL | O_CREAT) || die "open > /tmp/expn$$: $!\n";
+ print T "set querytype=MX\n";
+ print T "$server\n";
+ close(T);
diff --git a/am-utils.spec b/am-utils.spec
index e8b11cd..ccbdbc8 100644
--- a/am-utils.spec
+++ b/am-utils.spec
@@ -1,7 +1,7 @@
 Summary: Automount utilities including an updated version of Amd
 Name: am-utils
 Version: 6.1.5
-Release: 9%{?dist}
+Release: 10%{?dist}
 License: BSD
 Epoch: 5
 Group: System Environment/Daemons
@@ -44,6 +44,8 @@ Patch2: am-utils-6.1.5-nfs-version.patch
 Patch3: am-utils-6.1.5-UTS_RELEASE.patch
 # Build system bugfixes
 Patch4: am-utils-6.1.5-buildsys.patch
+# 435420 - CVE-2008-1078 am-utils: insecure usage of temporary files
+Patch5: am-utils-6.1.5-expn-temp.patch
 # We need to filter out some perl requirements for now.
 %define _use_internal_dependency_generator 0
@@ -66,7 +68,8 @@ mounting and unmounting filesystems.
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
-%patch4 -p1 -b .kzak
+%patch4 -p1
+%patch5 -p1
 find_requires=%{old_find_requires}
 echo "$find_requires | grep -v lostaltmail.conf" > find-requires
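Review bot: `+use Fcntl` in the first hunk of the embedded expn.in patch has no terminating semicolon, so the following line `$AF_INET = &AF_INET;` is taken as Fcntl's import list and Exporter rejects it at compile time; the line should read `use Fcntl;`. In the second hunk the flag set `O_EXCL | O_CREAT` omits `O_WRONLY`, so the handle is opened read-only and the `print T` lines that follow cannot write to it, and no explicit mode is passed, so the file's permissions are left to the umask. A defensible form is `sysopen(T, "/tmp/expn$$", O_WRONLY | O_CREAT | O_EXCL, 0600) || die "sysopen /tmp/expn$$: $!\n";`, and since the name stays predictable, File::Temp's `tempfile` would also avoid the create failure when a stale file of that name already exists. The body of sub mxlookup continues outside the hunk, so whether the file is later unlinked cannot be judged here.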
@@ -171,6 +174,9 @@ fi
 %{_libdir}/libamu.so*
 %changelog
+* Thu May 29 2008 Karel Zak 5:6.1.5-10
+- fix #435420 - CVE-2008-1078 am-utils: insecure usage of temporary files
+
 * Tue May 20 2008 Karel Zak 5:6.1.5-9
 - spec file cleanup according to rpmlint
 - fix autotools stuff