diff --git a/getaddrinfo-overflow.patch b/getaddrinfo-overflow.patch
new file mode 100644
index 0000000..6071c89
--- /dev/null
+++ b/getaddrinfo-overflow.patch
@@ -0,0 +1,44 @@
+2013-10-25  Siddhesh Poyarekar  <siddhesh@redhat.com>
+
+	[BZ #16072]
+	* sysdeps/posix/getaddrinfo.c (gethosts): Allocate tmpbuf on
+	heap for large requests.
+
+Index: glibc-2.18/sysdeps/posix/getaddrinfo.c
+===================================================================
+--- glibc-2.18.orig/sysdeps/posix/getaddrinfo.c
++++ glibc-2.18/sysdeps/posix/getaddrinfo.c
+@@ -197,7 +197,22 @@ gaih_inet_serv (const char *servicename,
+ 				&rc, &herrno, NULL, &localcanon));	      \
+     if (rc != ERANGE || herrno != NETDB_INTERNAL)			      \
+       break;								      \
+-    tmpbuf = extend_alloca (tmpbuf, tmpbuflen, 2 * tmpbuflen);		      \
++    if (!malloc_tmpbuf && __libc_use_alloca (alloca_used + 2 * tmpbuflen))    \
++      tmpbuf = extend_alloca_account (tmpbuf, tmpbuflen, 2 * tmpbuflen,	      \
++				      alloca_used);			      \
++    else								      \
++      {									      \
++	char *newp = realloc (malloc_tmpbuf ? tmpbuf : NULL,		      \
++			      2 * tmpbuflen);				      \
++	if (newp == NULL)						      \
++	  {								      \
++	    result = -EAI_MEMORY;					      \
++	    goto free_and_return;					      \
++	  }								      \
++	tmpbuf = newp;							      \
++	malloc_tmpbuf = true;						      \
++	tmpbuflen = 2 * tmpbuflen;					      \
++      }									      \
+   }									      \
+   if (status == NSS_STATUS_SUCCESS && rc == 0)				      \
+     h = &th;								      \
+@@ -209,7 +224,8 @@ gaih_inet_serv (const char *servicename,
+ 	{								      \
+ 	  __set_h_errno (herrno);					      \
+ 	  _res.options |= old_res_options & RES_USE_INET6;		      \
+-	  return -EAI_SYSTEM;						      \
++	  result = -EAI_SYSTEM;						      \
++	  goto free_and_return;						      \
+ 	}								      \
+       if (herrno == TRY_AGAIN)						      \
+ 	no_data = EAI_AGAIN;						      \
diff --git a/glibc-testsuite.changes b/glibc-testsuite.changes
index 0177529..92f4496 100644
--- a/glibc-testsuite.changes
+++ b/glibc-testsuite.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Oct 30 14:05:30 UTC 2013 - schwab@suse.de
+
+- getaddrinfo-overflow.patch: Fix stack overflow due to large AF_INET6
+  requests (CVE-2013-4458, bnc#847227)
+
 -------------------------------------------------------------------
 Mon Oct 21 12:14:38 UTC 2013 - schwab@suse.de
 
diff --git a/glibc-testsuite.spec b/glibc-testsuite.spec
index ed5e4b6..d8a0edd 100644
--- a/glibc-testsuite.spec
+++ b/glibc-testsuite.spec
@@ -250,6 +250,8 @@ Patch1000:      fcntl-o-tmpfile.patch
 Patch1001:      malloc-overflows.patch
 # PATCH-FIX-UPSTREAM m68k: Use PIC for Scrt1.o
 Patch1002:      m68k-Scrt1.patch
+# PATCH-FIX-UPSTREAM Fix stack overflow due to large AF_INET6 requests (CVE-2013-4458)
+Patch1003:      getaddrinfo-overflow.patch
 
 ### 
 # Patches awaiting upstream approval
@@ -478,6 +480,7 @@ rm nscd/s-stamp
 %patch1000 -p1
 %patch1001 -p1
 %patch1002 -p1
+%patch1003 -p1
 
 # XXX Disable, it breaks the testsuite, test elf/tst-audit2 
 # %patch2008 -p1
diff --git a/glibc-utils.changes b/glibc-utils.changes
index 0177529..92f4496 100644
--- a/glibc-utils.changes
+++ b/glibc-utils.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Oct 30 14:05:30 UTC 2013 - schwab@suse.de
+
+- getaddrinfo-overflow.patch: Fix stack overflow due to large AF_INET6
+  requests (CVE-2013-4458, bnc#847227)
+
 -------------------------------------------------------------------
 Mon Oct 21 12:14:38 UTC 2013 - schwab@suse.de
 
diff --git a/glibc-utils.spec b/glibc-utils.spec
index e9ad872..a92d045 100644
--- a/glibc-utils.spec
+++ b/glibc-utils.spec
@@ -249,6 +249,8 @@ Patch1000:      fcntl-o-tmpfile.patch
 Patch1001:      malloc-overflows.patch
 # PATCH-FIX-UPSTREAM m68k: Use PIC for Scrt1.o
 Patch1002:      m68k-Scrt1.patch
+# PATCH-FIX-UPSTREAM Fix stack overflow due to large AF_INET6 requests (CVE-2013-4458)
+Patch1003:      getaddrinfo-overflow.patch
 
 ### 
 # Patches awaiting upstream approval
@@ -478,6 +480,7 @@ rm nscd/s-stamp
 %patch1000 -p1
 %patch1001 -p1
 %patch1002 -p1
+%patch1003 -p1
 
 # XXX Disable, it breaks the testsuite, test elf/tst-audit2 
 # %patch2008 -p1
diff --git a/glibc.changes b/glibc.changes
index 0177529..92f4496 100644
--- a/glibc.changes
+++ b/glibc.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Oct 30 14:05:30 UTC 2013 - schwab@suse.de
+
+- getaddrinfo-overflow.patch: Fix stack overflow due to large AF_INET6
+  requests (CVE-2013-4458, bnc#847227)
+
 -------------------------------------------------------------------
 Mon Oct 21 12:14:38 UTC 2013 - schwab@suse.de
 
diff --git a/glibc.spec b/glibc.spec
index 2e29d40..dfe8bb6 100644
--- a/glibc.spec
+++ b/glibc.spec
@@ -250,6 +250,8 @@ Patch1000:      fcntl-o-tmpfile.patch
 Patch1001:      malloc-overflows.patch
 # PATCH-FIX-UPSTREAM m68k: Use PIC for Scrt1.o
 Patch1002:      m68k-Scrt1.patch
+# PATCH-FIX-UPSTREAM Fix stack overflow due to large AF_INET6 requests (CVE-2013-4458)
+Patch1003:      getaddrinfo-overflow.patch
 
 ### 
 # Patches awaiting upstream approval
@@ -478,6 +480,7 @@ rm nscd/s-stamp
 %patch1000 -p1
 %patch1001 -p1
 %patch1002 -p1
+%patch1003 -p1
 
 # XXX Disable, it breaks the testsuite, test elf/tst-audit2 
 # %patch2008 -p1