diff --git a/bluetooth-bnep-fix-buffer-overflow.patch b/bluetooth-bnep-fix-buffer-overflow.patch
new file mode 100644
index 000000000..d078579c8
--- /dev/null
+++ b/bluetooth-bnep-fix-buffer-overflow.patch
@@ -0,0 +1,28 @@
+From: Vasiliy Kulikov
+Date: Mon, 14 Feb 2011 10:54:31 +0000 (+0300)
+Subject: Bluetooth: bnep: fix buffer overflow
+X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=43629f8f5ea32a998d06d1bb41eefa0e821ff573
+
+Bluetooth: bnep: fix buffer overflow
+
+Struct ca is copied from userspace. It is not checked whether the "device"
+field is NULL terminated. This potentially leads to BUG() inside of
+alloc_netdev_mqs() and/or information leak by creating a device with a name
+made of contents of kernel stack.
+
+Signed-off-by: Vasiliy Kulikov
+Signed-off-by: Gustavo F. Padovan
+---
+
+diff --git a/net/bluetooth/bnep/sock.c b/net/bluetooth/bnep/sock.c
+index 2862f53..d935da7 100644
+--- a/net/bluetooth/bnep/sock.c
++++ b/net/bluetooth/bnep/sock.c
+@@ -88,6 +88,7 @@ static int bnep_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long
+ sockfd_put(nsock);
+ return -EBADFD;
+ }
++ ca.device[sizeof(ca.device)-1] = 0;
+
+ err = bnep_add_connection(&ca, nsock);
+ if (!err) {
diff --git a/kernel.spec b/kernel.spec
index 7f1abf100..ee0302e4c 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -848,6 +848,9 @@ Patch13952: drm-hold-the-mutex-when-dropping-the-last-gem-reference-v2.patch
 Patch13955: virtio_net-add-schedule-check-to-napi_enable-call.patch
+# cve-2011-1079
+Patch13956: bluetooth-bnep-fix-buffer-overflow.patch
+
 %endif
 BuildRoot: %{_tmppath}/kernel-%{KVERREL}-root
@@ -1605,6 +1608,9 @@ ApplyPatch drm-hold-the-mutex-when-dropping-the-last-gem-reference-v2.patch
 ApplyPatch virtio_net-add-schedule-check-to-napi_enable-call.patch
+# cve-2011-1079
+ApplyPatch bluetooth-bnep-fix-buffer-overflow.patch
+
 # END OF PATCH APPLICATIONS
 %endif
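Review bot: The added `ca.device[sizeof(ca.device)-1] = 0;` in the embedded bnep_sock_ioctl hunk silently truncates an over-long interface name instead of rejecting it, and nothing at the line says why it is there. Because `ca` is filled from userspace before this point (that copy and the start of bnep_sock_ioctl lie outside the hunk), a one-line comment such as `/* ca.device is user-supplied; force NUL termination before the name is used */` would keep a later cleanup from dropping the terminator and reopening the kernel-stack name leak the description names. Truncation is what upstream 43629f8f5ea32a998d06d1bb41eefa0e821ff573 chose, so keeping this backport byte-identical and taking any stricter validation (e.g. returning -EINVAL for an unterminated name) upstream first seems the right split. The kernel.spec hunks on this line only wire the patch in and need nothing.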
@@ -2225,7 +2231,10 @@ fi
 %kernel_variant_files %{with_pae_debug} PAEdebug
 %changelog
-* Sun Apr 17 2011 Chuck Ebbert 2.6.34.9-69
+* Fri Apr 29 2011 Chuck Ebbert 2.6.34.9-69
+- Bluetooth: bnep: fix buffer overflow (CVE-2011-1079)
+
+* Sun Apr 17 2011 Chuck Ebbert
 - Linux 2.6.34.9
 - Fix up drm-next.patch to apply on top of cda4b7d3a, e06b14ee9
 - Un-revert 6a1a82df9 from upstream