diff --git a/glibc-rh1631338-1.patch b/glibc-rh1631338-1.patch
new file mode 100644
index 0000000..fc2a74e
--- /dev/null
+++ b/glibc-rh1631338-1.patch
@@ -0,0 +1,29 @@
+commit e7d22db29cfdd2f1fb97a70a76fa53d151569945
+Author: Mingli Yu <Mingli.Yu@windriver.com>
+Date:   Thu Sep 20 12:41:13 2018 +0200
+
+    Linux gethostid: Check for NULL value from gethostbyname_r [BZ #23679]
+    
+    A NULL value can happen with certain gethostbyname_r failures.
+    
+    (cherry picked from commit 1214ba06e6771acb953a190091b0f6055c64fd25)
+
+diff --git a/sysdeps/unix/sysv/linux/gethostid.c b/sysdeps/unix/sysv/linux/gethostid.c
+index 2e20f034dc134cc7..ee0190e7f945db1f 100644
+--- a/sysdeps/unix/sysv/linux/gethostid.c
++++ b/sysdeps/unix/sysv/linux/gethostid.c
+@@ -102,12 +102,12 @@ gethostid (void)
+     {
+       int ret = __gethostbyname_r (hostname, &hostbuf,
+ 				   tmpbuf.data, tmpbuf.length, &hp, &herr);
+-      if (ret == 0)
++      if (ret == 0 && hp != NULL)
+ 	break;
+       else
+ 	{
+ 	  /* Enlarge the buffer on ERANGE.  */
+-	  if (herr == NETDB_INTERNAL && errno == ERANGE)
++	  if (ret != 0 && herr == NETDB_INTERNAL && errno == ERANGE)
+ 	    {
+ 	      if (!scratch_buffer_grow (&tmpbuf))
+ 		return 0;
diff --git a/glibc-rh1631338-2.patch b/glibc-rh1631338-2.patch
new file mode 100644
index 0000000..4eef814
--- /dev/null
+++ b/glibc-rh1631338-2.patch
@@ -0,0 +1,146 @@
+commit 307d04334d516bb180f484a2b283f97310bfee66
+Author: Florian Weimer <fweimer@redhat.com>
+Date:   Thu Sep 20 12:03:01 2018 +0200
+
+    misc: New test misc/tst-gethostid
+    
+    The empty /etc/hosts file used to trigger bug 23679.
+    
+    (cherry picked from commit db9a8ad4ff3fc58e3773a9a4d0cabe3c1bc9c94c)
+
+diff --git a/misc/Makefile b/misc/Makefile
+index b7be2bc19a6f7ed5..c9f81515ac9aef2c 100644
+--- a/misc/Makefile
++++ b/misc/Makefile
+@@ -86,6 +86,11 @@ tests := tst-dirname tst-tsearch tst-fdset tst-efgcvt tst-mntent tst-hsearch \
+ 	 tst-preadvwritev tst-preadvwritev64 tst-makedev tst-empty \
+ 	 tst-preadvwritev2 tst-preadvwritev64v2
+ 
++# Tests which need libdl.
++ifeq (yes,$(build-shared))
++tests += tst-gethostid
++endif
++
+ tests-internal := tst-atomic tst-atomic-long tst-allocate_once
+ tests-static := tst-empty
+ 
+@@ -145,3 +150,5 @@ tst-allocate_once-ENV = MALLOC_TRACE=$(objpfx)tst-allocate_once.mtrace
+ $(objpfx)tst-allocate_once-mem.out: $(objpfx)tst-allocate_once.out
+ 	$(common-objpfx)malloc/mtrace $(objpfx)tst-allocate_once.mtrace > $@; \
+ 	$(evaluate-test)
++
++$(objpfx)tst-gethostid: $(libdl)
+diff --git a/misc/tst-gethostid.c b/misc/tst-gethostid.c
+new file mode 100644
+index 0000000000000000..1490aaf3f517ff1d
+--- /dev/null
++++ b/misc/tst-gethostid.c
+@@ -0,0 +1,108 @@
++/* Basic test for gethostid.
++   Copyright (C) 2018 Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, see
++   <http://www.gnu.org/licenses/>.  */
++
++#include <gnu/lib-names.h>
++#include <nss.h>
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include <support/namespace.h>
++#include <support/support.h>
++#include <support/temp_file.h>
++#include <support/xdlfcn.h>
++#include <support/xstdio.h>
++#include <support/xunistd.h>
++#include <unistd.h>
++
++/* Initial test is run outside a chroot, to increase the likelihood of
++   success.  */
++static void
++outside_chroot (void *closure)
++{
++  long id = gethostid ();
++  printf ("info: host ID outside chroot: 0x%lx\n", id);
++}
++
++/* The same, but this time perform a chroot operation.  */
++static void
++in_chroot (void *closure)
++{
++  const char *chroot_path = closure;
++  xchroot (chroot_path);
++  long id = gethostid ();
++  printf ("info: host ID in chroot: 0x%lx\n", id);
++}
++
++static int
++do_test (void)
++{
++  support_isolate_in_subprocess (outside_chroot, NULL);
++
++  /* Now run the test inside a chroot.  */
++  support_become_root ();
++  if (!support_can_chroot ())
++    /* Cannot perform further tests.  */
++    return 0;
++
++  /* Only use nss_files.  */
++  __nss_configure_lookup ("hosts", "files");
++
++  /* Load the DSO outside of the chroot.  */
++  xdlopen (LIBNSS_FILES_SO, RTLD_LAZY);
++
++  char *chroot_dir = support_create_temp_directory ("tst-gethostid-");
++  support_isolate_in_subprocess (in_chroot, chroot_dir);
++
++  /* Tests with /etc/hosts in the chroot.  */
++  {
++    char *path = xasprintf ("%s/etc", chroot_dir);
++    add_temp_file (path);
++    xmkdir (path, 0777);
++    free (path);
++    path = xasprintf ("%s/etc/hosts", chroot_dir);
++    add_temp_file (path);
++
++    FILE *fp = xfopen (path, "w");
++    xfclose (fp);
++    printf ("info: chroot test with an empty /etc/hosts file\n");
++    support_isolate_in_subprocess (in_chroot, chroot_dir);
++
++    char hostname[1024];
++    int ret = gethostname (hostname, sizeof (hostname));
++    if (ret < 0)
++      printf ("warning: invalid result from gethostname: %d\n", ret);
++    else if (strlen (hostname) == 0)
++      puts ("warning: gethostname returned empty string");
++    else
++      {
++        printf ("info: chroot test with IPv6 address in /etc/hosts for: %s\n",
++                hostname);
++        fp = xfopen (path, "w");
++        /* Use an IPv6 address to induce another lookup failure.  */
++        fprintf (fp, "2001:db8::1 %s\n", hostname);
++        xfclose (fp);
++        support_isolate_in_subprocess (in_chroot, chroot_dir);
++      }
++    free (path);
++  }
++  free (chroot_dir);
++
++  return 0;
++}
++
++#include <support/test-driver.c>
diff --git a/glibc.spec b/glibc.spec
index 1c6e401..d916574 100644
--- a/glibc.spec
+++ b/glibc.spec
@@ -1,6 +1,6 @@
 %define glibcsrcdir glibc-2.28
 %define glibcversion 2.28
-%define glibcrelease 11%{?dist}
+%define glibcrelease 12%{?dist}
 # Pre-release tarballs are pulled in from git using a command that is
 # effectively:
 #
@@ -167,6 +167,8 @@ Patch31: glibc-nss_files-leak.patch
 Patch32: glibc-rh1622669.patch
 Patch33: glibc-1622674-1.patch
 Patch34: glibc-1622674-2.patch
+Patch35: glibc-rh1631338-1.patch
+Patch36: glibc-rh1631338-2.patch
 
 ##############################################################################
 # Continued list of core "glibc" package information:
@@ -1908,6 +1910,9 @@ fi
 %files -f compat-libpthread-nonshared.filelist -n compat-libpthread-nonshared
 
 %changelog
+* Wed Sep 26 2018 Florian Weimer <fweimer@redhat.com> - 2.28-12
+- gethostid: Missing NULL check for gethostbyname_r result (#1631338)
+
 * Wed Sep  5 2018 Florian Weimer <fweimer@redhat.com> - 2.28-11
 - Add python3-devel build dependency for downstream benefit