diff --git a/cups-1.3.9-cupsImageReadTiff.patch b/cups-1.3.9-cupsImageReadTiff.patch
new file mode 100644
index 0000000..ab11211
--- /dev/null
+++ b/cups-1.3.9-cupsImageReadTiff.patch
@@ -0,0 +1,15 @@
+Index: filter/image-private.h
+===================================================================
+--- filter/image-private.h (revision 8153)
++++ filter/image-private.h (working copy)
+@@ -40,8 +40,8 @@
+ 
+ # define CUPS_IMAGE_MAX_WIDTH 0x07ffffff
+ /* 2^27-1 to allow for 15-channel data */
+-# define CUPS_IMAGE_MAX_HEIGHT 0x7fffffff
+- /* 2^31-1 */
++# define CUPS_IMAGE_MAX_HEIGHT 0x3fffffff
++ /* 2^30-1 */
+ 
+ # define CUPS_TILE_SIZE 256 /* 256x256 pixel tiles */
+ # define CUPS_TILE_MINIMUM 10 /* Minimum number of tiles */
diff --git a/cups.changes b/cups.changes
index b37d3f8..95bc4c7 100644
--- a/cups.changes
+++ b/cups.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Thu Mar 26 12:59:36 CET 2009 - jsmeix@suse.de
+
+- cups-1.3.9-cupsImageReadTiff.patch fixes an integer overflow
+ in the "_cupsImageReadTIFF()" function CVE-2009-0163
+ (CUPS STR #3031 and Novell/Suse Bugzilla bnc#485895).
+
 -------------------------------------------------------------------
 Wed Jan 21 14:17:25 CET 2009 - kssingvo@suse.de
 
diff --git a/cups.spec b/cups.spec
index 1eda64f..7ae84a3 100644
--- a/cups.spec
+++ b/cups.spec
@@ -30,7 +30,7 @@ License: GPL v2 or later
 Group: Hardware/Printing
 Summary: The Common UNIX Printing System
 Version: 1.3.9
-Release: 10
+Release: 11
 Requires: cups-libs = %{version}, cups-client = %{version}
 Requires: ghostscript_any, ghostscript-fonts-std, foomatic-filters
 Requires: util-linux /usr/bin/pdftops
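Review bot: In cups-1.3.9-cupsImageReadTiff.patch the new `CUPS_IMAGE_MAX_HEIGHT 0x3fffffff` is documented only as `/* 2^30-1 */`, which gives the value but not why that bound is the safe one, unlike the width comment above it (`2^27-1 to allow for 15-channel data`). I would at least tie the limit to its reason, e.g. `/* 2^30-1; lowered for CVE-2009-0163 (STR #3031) */`, and add the arithmetic that makes 2^30-1 sufficient once it has been confirmed against `_cupsImageReadTIFF()`, which is not part of this hunk. Capping each dimension on its own also does not bound a product of the two limits (2^27 × 2^30 is far beyond 32 bits), so the size computations that consume these macros should carry their own overflow check before allocating; that code lies outside this diff.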
@@ -85,6 +85,9 @@ Patch23: cups-1.3.9-cupstestppd.patch
 Patch24: cups-1.3.9-max_subscription.patch
 Patch25: cups-1.3.9-filter_png_overflow2.patch
 Patch26: cups-1.3.9-hpgltops2.patch
+# Patch27 fixes an integer overflow in the "_cupsImageReadTIFF()" function,
+# (CVE-2009-0163 and CUPS STR #3031 and Novell/Suse Bugzilla bnc#485895):
+Patch27: cups-1.3.9-cupsImageReadTiff.patch
 Patch100: cups-1.1.23-testpage.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 
@@ -200,6 +203,9 @@ mv pdftops pdftos.use_filter_pdftops_c
 %patch24 -p1
 %patch25 -p1
 %patch26 -p1
+# Patch27 fixes an integer overflow in the "_cupsImageReadTIFF()" function,
+# (CVE-2009-0163 and CUPS STR #3031 and Novell/Suse Bugzilla bnc#485895):
+%patch27
 if [ -f /.buildenv ]; then
 . /.buildenv
 test -z "$BUILD_DISTRIBUTION_NAME" && BUILD_DISTRIBUTION_NAME="%{?distribution}"
@@ -454,6 +460,10 @@ rm -rf $RPM_BUILD_ROOT/usr/share/locale/no
 %{_datadir}/locale/*/cups_*
 
 %changelog
+* Thu Mar 26 2009 jsmeix@suse.de
+- cups-1.3.9-cupsImageReadTiff.patch fixes an integer overflow
+ in the "_cupsImageReadTIFF()" function CVE-2009-0163
+ (CUPS STR #3031 and Novell/Suse Bugzilla bnc#485895).
 * Wed Jan 21 2009 kssingvo@suse.de
 - added directory %%{libdir}/cups/driver to %%files of cups (bnc#465794)
 * Wed Jan 14 2009 olh@suse.de
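Review bot: The added `%patch27` in the `@@ -200,6 +203,9 @@` hunk gives no strip level, while the `%patch24 -p1` to `%patch26 -p1` lines directly above it do, so applying this security fix depends on the packaging tool's default. The new patch file names its target as `filter/image-private.h` with no leading directory component, which presumably needs strip level 0; writing `%patch27 -p0` states that explicitly and guards against the line later being "aligned" to `-p1`, which would stop the patch from applying. The two-line `# Patch27 fixes …` comment is also duplicated verbatim at the `Patch27:` declaration in the `@@ -85,6 +85,9 @@` hunk; keeping the explanation at the declaration only avoids the two copies drifting apart.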