diff --git a/libsmi-CVE-2010-2891.patch b/libsmi-CVE-2010-2891.patch
new file mode 100644
index 0000000..c088c28
--- /dev/null
+++ b/libsmi-CVE-2010-2891.patch
@@ -0,0 +1,21 @@
+Index: lib/smi.c
+===================================================================
+--- lib/smi.c	(revision 29144)
++++ lib/smi.c	(working copy)
+@@ -1793,10 +1793,15 @@
+     }
+ 
+     if (isdigit((int)node2[0])) {
+-	for (oidlen = 0, p = strtok(node2, ". "); p;
++	for (oidlen = 0, p = strtok(node2, ". ");
++	     p && oidlen < sizeof(oid)/sizeof(oid[0]);
+ 	     oidlen++, p = strtok(NULL, ". ")) {
+ 	    oid[oidlen] = strtoul(p, NULL, 0);
+ 	}
++	if (p) {
++	    /* the numeric OID is too long */
++	    return NULL;
++	}
+ 	nodePtr = getNode(oidlen, oid);
+ 	if (nodePtr) {
+ 	    if (modulePtr) {
diff --git a/libsmi.changes b/libsmi.changes
index 3bae12d..56d9eb1 100644
--- a/libsmi.changes
+++ b/libsmi.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Thu Nov 11 10:38:11 UTC 2010 - nadvornik@novell.com
+
+- fixed buffer overflow CVE-2010-2891 (bnc#649867)
+
 -------------------------------------------------------------------
 Mon Mar 29 14:26:21 CEST 2010 - boris@steki.net
 
diff --git a/libsmi.spec b/libsmi.spec
index 5c6ea0a..e1942aa 100644
--- a/libsmi.spec
+++ b/libsmi.spec
@@ -29,6 +29,7 @@ Summary:        A Library to Access SMI MIB Information
 Source:         %{name}-%{version}.tar.gz
 Patch0:         libsmi-0.4.8-parser.patch
 Patch1:         libsmi-0.4.8-gnu-source.patch
+Patch2:         libsmi-CVE-2010-2891.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 BuildRequires:  bison flex
@@ -95,6 +96,7 @@ Authors:
 %setup -q
 %patch0 -p1
 %patch1 -p1
+%patch2
 
 %build
 autoreconf --force --install