diff --git a/krb5-1.8-MITKRB5-SA-2011-003.dif b/krb5-1.8-MITKRB5-SA-2011-003.dif
new file mode 100644
index 0000000..9fe77e2
--- /dev/null
+++ b/krb5-1.8-MITKRB5-SA-2011-003.dif
@@ -0,0 +1,13 @@
+Index: krb5-1.8.1/src/kdc/do_as_req.c
+===================================================================
+--- krb5-1.8.1.orig/src/kdc/do_as_req.c
++++ krb5-1.8.1/src/kdc/do_as_req.c
+@@ -784,6 +784,8 @@ prepare_error_as (struct kdc_request_sta
+                     pad->contents = td[size]->data;
+                     pad->length = td[size]->length;
+                     pa[size] = pad;
++                    td[size]->data = NULL;
++                    td[size]->length = 0;
+                 }
+             krb5_free_typed_data(kdc_context, td);
+         }
diff --git a/krb5-mini.changes b/krb5-mini.changes
index b33a758..d830641 100644
--- a/krb5-mini.changes
+++ b/krb5-mini.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue Mar  1 12:43:22 CET 2011 - mc@suse.de
+
+- Fix vulnerability to a double-free condition in KDC daemon
+  (MITKRB5-SA-2011-003, bnc#671717)
+  CVE-2011-0284
+
 -------------------------------------------------------------------
 Wed Jan 19 14:42:27 CET 2011 - mc@suse.de
 
diff --git a/krb5-mini.spec b/krb5-mini.spec
index 4b2dc78..98224bb 100644
--- a/krb5-mini.spec
+++ b/krb5-mini.spec
@@ -1,5 +1,5 @@
 #
-# spec file for package krb5-mini
+# spec file for package krb5
 #
 # Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
@@ -59,6 +59,7 @@ Patch12:        krb5-1.8-MITKRB5-SA-2010-006.dif
 Patch13:        MITKRB5-SA-2010-007-1.8.dif
 Patch14:        krb5-1.8-MITKRB5-SA-2011-001.dif
 Patch15:        krb5-1.8-MITKRB5-SA-2011-002.dif
+Patch16:        krb5-1.8-MITKRB5-SA-2011-003.dif
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 PreReq:         mktemp, grep, /bin/touch, coreutils
 PreReq:         %insserv_prereq %fillup_prereq 
@@ -210,6 +211,7 @@ Authors:
 %patch13 -p1
 %patch14 -p1
 %patch15 -p0
+%patch16 -p1
 # Rename the man pages so that they'll get generated correctly.
 pushd src
 cat %{SOURCE10} | while read manpage ; do
diff --git a/krb5.changes b/krb5.changes
index b33a758..d830641 100644
--- a/krb5.changes
+++ b/krb5.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue Mar  1 12:43:22 CET 2011 - mc@suse.de
+
+- Fix vulnerability to a double-free condition in KDC daemon
+  (MITKRB5-SA-2011-003, bnc#671717)
+  CVE-2011-0284
+
 -------------------------------------------------------------------
 Wed Jan 19 14:42:27 CET 2011 - mc@suse.de
 
diff --git a/krb5.spec b/krb5.spec
index c90fe37..0d32498 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -59,6 +59,7 @@ Patch12:        krb5-1.8-MITKRB5-SA-2010-006.dif
 Patch13:        MITKRB5-SA-2010-007-1.8.dif
 Patch14:        krb5-1.8-MITKRB5-SA-2011-001.dif
 Patch15:        krb5-1.8-MITKRB5-SA-2011-002.dif
+Patch16:        krb5-1.8-MITKRB5-SA-2011-003.dif
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 PreReq:         mktemp, grep, /bin/touch, coreutils
 PreReq:         %insserv_prereq %fillup_prereq 
@@ -210,6 +211,7 @@ Authors:
 %patch13 -p1
 %patch14 -p1
 %patch15 -p0
+%patch16 -p1
 # Rename the man pages so that they'll get generated correctly.
 pushd src
 cat %{SOURCE10} | while read manpage ; do