diff --git a/rsync-3.1.2-CVE-2018-5764.patch b/rsync-3.1.2-CVE-2018-5764.patch
new file mode 100644
index 0000000..d6da586
--- /dev/null
+++ b/rsync-3.1.2-CVE-2018-5764.patch
@@ -0,0 +1,38 @@
+From 7706303828fcde524222babb2833864a4bd09e07 Mon Sep 17 00:00:00 2001
+From: Jeriko One <jeriko.one@gmx.us>
+Date: Mon, 20 Nov 2017 14:42:30 -0800
+Subject: [PATCH 1/1] Ignore --protect-args when already sent by client
+
+In parse_arguments when --protect-args is encountered the function exits
+early. The caller is expected to check protect_args, and recall
+parse_arguments setting protect_args to 2. This patch prevents the
+client from resetting protect_args during the second pass of
+parse_arguments. This prevents parse_arguments returning early the
+second time before it's able to sanitize the arguments it received.
+---
+ options.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+Index: rsync-3.1.2/options.c
+===================================================================
+--- rsync-3.1.2.orig/options.c
++++ rsync-3.1.2/options.c
+@@ -1304,6 +1304,7 @@ int parse_arguments(int *argc_p, const c
+ 	const char *arg, **argv = *argv_p;
+ 	int argc = *argc_p;
+ 	int opt;
++	int orig_protect_args = protect_args;
+ 
+ 	if (ref && *ref)
+ 		set_refuse_options(ref);
+@@ -1933,6 +1934,10 @@ int parse_arguments(int *argc_p, const c
+ 	if (fuzzy_basis > 1)
+ 		fuzzy_basis = basis_dir_cnt + 1;
+ 
++	/* Don't let the client reset protect_args if it was already processed */
++	if (orig_protect_args == 2 && am_server)
++	   protect_args = orig_protect_args;
++
+ 	if (protect_args == 1 && am_server)
+ 		return 1;
+ 
diff --git a/rsync.changes b/rsync.changes
index da963ab..864f3b0 100644
--- a/rsync.changes
+++ b/rsync.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Thu Jan 18 12:13:48 UTC 2018 - pmonrealgonzalez@suse.com
+
+- Security fix: Ignore --protect-args when already sent by client
+  [bsc#1076503, CVE-2018-5764]
+  * Added patch rsync-3.1.2-CVE-2018-5764.patch
+
 -------------------------------------------------------------------
 Tue Jan  9 17:07:12 UTC 2018 - pmonrealgonzalez@suse.com
 
diff --git a/rsync.spec b/rsync.spec
index b870bed..fa8d0ae 100644
--- a/rsync.spec
+++ b/rsync.spec
@@ -45,6 +45,8 @@ Patch3:         rsync-CVE-2017-16548.patch
 #PATCH-FIX-UPSTREAM bcs#1062063 rsync doesn't stop on errors
 Patch4:         rsync-send_error_to_sender.patch
 Patch5:         rsync-avoid-uploading-after-error.patch
+#PATCH-FIX-UPSTREAM bcs#1076503 CVE-2018-5764 parse_arguments function does not prevent multiple --protect-arg
+Patch6:         rsync-3.1.2-CVE-2018-5764.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  libacl-devel
@@ -81,6 +83,7 @@ patch -p1 < patches/time-limit.diff
 %patch3 -p1
 %patch4
 %patch5
+%patch6 -p1
 
 %build
 autoreconf -fiv