diff --git a/glibc.spec b/glibc.spec
index 04f695b..5854251 100644
--- a/glibc.spec
+++ b/glibc.spec
@@ -1,6 +1,6 @@
-%define glibcsrcdir glibc-2.27-53-g0cd4a5e87f
+%define glibcsrcdir glibc-2.27-56-g50df56ca86
 %define glibcversion 2.27
-%define glibcrelease 14%{?dist}
+%define glibcrelease 15%{?dist}
 # Pre-release tarballs are pulled in from git using a command that is
 # effectively:
 #
@@ -1969,6 +1969,11 @@ fi
 %endif
 
 %changelog
+* Thu May 24 2018 Florian Weimer <fweimer@redhat.com> - 2.27-15
+- Auto-sync with upstream branch release/2.27/master,
+  commit 50df56ca86a281c8fd99a8100aac75539813788d:
+- CVE-2018-11237: Buffer overflow in mempcpy for Xeon Phi (#1581275)
+
 * Thu May 17 2018 Florian Weimer <fweimer@redhat.com> - 2.27-14
 - Do not run telinit u on upgrades (#1579225)
 
diff --git a/sources b/sources
index 706c79d..b9d38d0 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (glibc-2.27-53-g0cd4a5e87f.tar.gz) = 3c2a72274382f2ca12b32e9220d0f2aac7cb5f5969f81c2770115be4ce0aeb8e192c553c3bbf6f0b6dc530e9303e1542e50e9614a10b6b702b53cafca6275fb1
+SHA512 (glibc-2.27-56-g50df56ca86.tar.gz) = e0f96391b35cff823698c60ce0d0b308677a43e48cf4f2b3f8ad847ef76402ad50b97d448e12ffdcdf67e6d1ac67f5aebe6e63e9091064d1e1e804c1aa7df66f