diff --git a/tiff-CVE-2018-10779.patch b/tiff-CVE-2018-10779.patch
new file mode 100644
index 0000000..fae407d
--- /dev/null
+++ b/tiff-CVE-2018-10779.patch
@@ -0,0 +1,19 @@
+diff --git a/libtiff/tif_write.c b/libtiff/tif_write.c
+index 586f6fdff66a7a0c1864dbe1e2c5831602b055ce..a31ecd12c133ac18bed6bfbc97fcbad5e19a3257 100644
+--- a/libtiff/tif_write.c
++++ b/libtiff/tif_write.c
+@@ -538,9 +538,11 @@ TIFFSetupStrips(TIFF* tif)
+ if (td->td_planarconfig == PLANARCONFIG_SEPARATE)
+ td->td_stripsperimage /= td->td_samplesperpixel;
+ td->td_stripoffset = (uint64 *)
+- _TIFFmalloc(td->td_nstrips * sizeof (uint64));
++ _TIFFCheckMalloc(tif, td->td_nstrips, sizeof (uint64),
++ "for \"StripOffsets\" array");
+ td->td_stripbytecount = (uint64 *)
+- _TIFFmalloc(td->td_nstrips * sizeof (uint64));
++ _TIFFCheckMalloc(tif, td->td_nstrips, sizeof (uint64),
++ "for \"StripByteCounts\" array");
+ if (td->td_stripoffset == NULL || td->td_stripbytecount == NULL)
+ return (0);
+ /*
+
diff --git a/tiff.changes b/tiff.changes
index 5a4dd47..89909d1 100644
--- a/tiff.changes
+++ b/tiff.changes
@@ -1,3 +1,15 @@
+-------------------------------------------------------------------
+Fri Aug 24 11:43:53 UTC 2018 - pgajdos@suse.com
+
+- remove pal2rgb tool [bsc#1071031]
+
+-------------------------------------------------------------------
+Wed Aug 15 15:10:32 UTC 2018 - pgajdos@suse.com
+
+- security update
+ * CVE-2018-10779 [bsc#1092480]
+ + tiff-CVE-2018-10779.patch
+
 -------------------------------------------------------------------
 Tue Jun 5 12:21:02 UTC 2018 - pgajdos@suse.com
diff --git a/tiff.spec b/tiff.spec
index 5818621..0250b61 100644
--- a/tiff.spec
+++ b/tiff.spec
@@ -37,6 +37,7 @@ Patch5: tiff-CVE-2017-18013.patch
 Patch6: tiff-CVE-2018-7456.patch
 Patch7: tiff-CVE-2017-11613.patch
 Patch8: tiff-CVE-2018-8905.patch
+Patch9: tiff-CVE-2018-10779.patch
 BuildRequires: gcc-c++
 BuildRequires: libjpeg-devel
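Review bot: The new file tiff-CVE-2018-10779.patch begins directly at its inner `diff --git` line, so the packaged fix records nothing about where it came from; the only provenance is the pair of blob ids on its `index` line. A short header above the inner diff, for example `Upstream commit: <UPSTREAM_COMMIT_ID>` followed by `References: CVE-2018-10779, bsc#1092480`, would let a later reviewer compare the backport with upstream instead of trusting the file name. It would also help to say in that header what the change buys: both strip arrays are now sized by passing `td->td_nstrips` and `sizeof (uint64)` separately to `_TIFFCheckMalloc` rather than multiplying them in the caller. The inner hunk starts and ends inside TIFFSetupStrips, so the rest of that function was not reviewed here.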
@@ -107,6 +108,7 @@ the libtiff library.
 %patch6 -p1
 %patch7 -p1
 %patch8 -p1
+%patch9 -p1
 %build
 CFLAGS="%{optflags} -fPIE"
@@ -127,6 +129,12 @@ cp %{SOURCE2} .
 rm -rf %{buildroot}%{_datadir}/doc/tiff*
 find %{buildroot} -type f -name "*.la" -delete -print
 find html -name "Makefile*" | xargs rm
+# remove pal2rgb, bsc#1071031
+for tool in pal2rgb; do
+ rm %{buildroot}%{_bindir}/$tool
+ rm %{buildroot}%{_mandir}/man1/$tool.1
+ rm html/man/$tool.1.html
+done
 %check
 for i in tools test; do
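Review bot: In the cleanup added just before `%check`, the comment `# remove pal2rgb, bsc#1071031` names the bug but not the reason the tool is dropped, and the changelog entry is just as terse. Because this removes a shipped binary along with its man page and HTML page, the spec should say why, e.g. `# pal2rgb is not shipped: <REASON FROM bsc#1071031>`, so the loop is not later reverted as packaging noise. The removal only deletes installed files, so the tool is presumably still compiled, and it may still be run at build time if the `%check` loop over `tools test` exercises it; worth confirming that is intended. Using plain `rm` without `-f` is a sound choice, since the build then fails if any of the three paths stops existing.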