diff --git a/SOURCES/binutils-CVE-2025-11083.patch b/SOURCES/binutils-CVE-2025-11083.patch
new file mode 100644
index 0000000..18c3d98
--- /dev/null
+++ b/SOURCES/binutils-CVE-2025-11083.patch
@@ -0,0 +1,79 @@
+From 9ca499644a21ceb3f946d1c179c38a83be084490 Mon Sep 17 00:00:00 2001
+From: "H.J. Lu"
+Date: Thu, 18 Sep 2025 16:59:25 -0700
+Subject: [PATCH] elf: Don't match corrupt section header in linker input
+
+Don't swap in nor match corrupt section header in linker input to avoid
+linker crash later.
+
+ PR ld/33457
+ * elfcode.h (elf_swap_shdr_in): Changed to return bool. Return
+ false for corrupt section header in linker input.
+ (elf_object_p): Reject if elf_swap_shdr_in returns false.
+
+Signed-off-by: H.J. Lu
+---
+ bfd/elfcode.h | 14 +++++++++-----
+ 1 file changed, 9 insertions(+), 5 deletions(-)
+
+--- binutils-2.35.2.orig/bfd/elfcode.h 2025-11-11 11:51:18.923256541 +0000
++++ binutils-2.35.2/bfd/elfcode.h 2025-11-11 11:56:54.539093437 +0000
+@@ -298,7 +298,7 @@ elf_swap_ehdr_out (bfd *abfd,
+ /* Translate an ELF section header table entry in external format into an
+ ELF section header table entry in internal format. */
+
+-static void
++static bfd_boolean
+ elf_swap_shdr_in (bfd *abfd,
+ const Elf_External_Shdr *src,
+ Elf_Internal_Shdr *dst)
+@@ -322,10 +322,13 @@ elf_swap_shdr_in (bfd *abfd,
+ ufile_ptr filesize = bfd_get_file_size (abfd);
+
+ if (filesize != 0 && dst->sh_size > filesize)
+- _bfd_error_handler
+- (_("warning: %pB has a corrupt section with a size (%"
+- BFD_VMA_FMT "x) larger than the file size"),
+- abfd, dst->sh_size);
++ {
++ _bfd_error_handler
++ (_("warning: %pB has a corrupt section with a size (%"
++ BFD_VMA_FMT "x) larger than the file size"),
++ abfd, dst->sh_size);
++ return FALSE;
++ }
+ }
+ dst->sh_link = H_GET_32 (abfd, src->sh_link);
+ dst->sh_info = H_GET_32 (abfd, src->sh_info);
+@@ -333,6 +336,7 @@ elf_swap_shdr_in (bfd *abfd,
+ dst->sh_entsize = H_GET_WORD (abfd, src->sh_entsize);
+ dst->bfd_section = NULL;
+ dst->contents = NULL;
++ return TRUE;
+ }
+
+ /* Translate an ELF section header table entry in internal format into an
+@@ -625,9 +629,9 @@ elf_object_p (bfd *abfd)
+
+ /* Read the first section header at index 0, and convert to internal
+ form. */
+- if (bfd_bread (&x_shdr, sizeof x_shdr, abfd) != sizeof (x_shdr))
++ if (bfd_bread (&x_shdr, sizeof x_shdr, abfd) != sizeof (x_shdr)
++ || !elf_swap_shdr_in (abfd, &x_shdr, &i_shdr))
+ goto got_no_match;
+- elf_swap_shdr_in (abfd, &x_shdr, &i_shdr);
+
+ /* If the section count is zero, the actual count is in the first
+ section header. */
+@@ -710,9 +714,9 @@ elf_object_p (bfd *abfd)
+ to internal form. */
+ for (shindex = 1; shindex < i_ehdrp->e_shnum; shindex++)
+ {
+- if (bfd_bread (&x_shdr, sizeof x_shdr, abfd) != sizeof (x_shdr))
++ if (bfd_bread (&x_shdr, sizeof x_shdr, abfd) != sizeof (x_shdr)
++ || !elf_swap_shdr_in (abfd, &x_shdr, i_shdrp + shindex))
+ goto got_no_match;
+- elf_swap_shdr_in (abfd, &x_shdr, i_shdrp + shindex);
+
+ /* Sanity check sh_link and sh_info. */
+ if (i_shdrp[shindex].sh_link >= num_sec)
diff --git a/SOURCES/binutils-error-on-corrupted-group.patch b/SOURCES/binutils-error-on-corrupted-group.patch
new file mode 100644
index 0000000..9527ad4
--- /dev/null
+++ b/SOURCES/binutils-error-on-corrupted-group.patch
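Review bot: The `return FALSE;` added to elf_swap_shdr_in (bfd/elfcode.h) is unconditional, while the patch description says the header is refused only "in linker input"; no linker-input test is visible in the hunk, so elf_object_p would presumably stop matching such a file for every BFD consumer, not only ld. If that wider scope is intended for this backport, state it in the description and in a comment above the check, for example `/* PR ld/33457: a section larger than the file makes the whole object unmatchable. */`; otherwise gate the return, e.g. `if (abfd->is_linker_input) return FALSE;`, assuming this tree's bfd structure carries that flag. The message still begins with `warning:` although the file is now rejected. The test compares only `dst->sh_size` with the file size and its enclosing block starts outside the hunk, so confirm there whether a header whose offset plus size runs past the end of the file is caught as well.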
@@ -0,0 +1,38 @@
+From 41461010eb7c79fee7a9d5f6209accdaac66cc6b Mon Sep 17 00:00:00 2001
+From: "H.J. Lu"
+Date: Sat, 21 Jun 2025 06:52:00 +0800
+Subject: [PATCH] elf: Report corrupted group section
+
+Report corrupted group section instead of trying to recover.
+
+ PR binutils/33050
+ * elf.c (bfd_elf_set_group_contents): Report corrupted group
+ section.
+
+Signed-off-by: H.J. Lu
+---
+ bfd/elf.c | 23 ++++++++++-------------
+ 1 file changed, 10 insertions(+), 13 deletions(-)
+
+--- binutils.orig/bfd/elf.c 2025-12-16 12:33:34.627390340 +0000
++++ binutils-2.35.2/bfd/elf.c 2025-12-16 12:36:53.274123682 +0000
+@@ -3667,8 +3667,18 @@ bfd_elf_set_group_contents (bfd *abfd, a
+ break;
+ }
+
++ /* We should always get here with loc == sec->contents + 4. Return
++ an error for bogus SHT_GROUP sections. */
+ loc -= 4;
+- BFD_ASSERT (loc == sec->contents);
++ if (loc != sec->contents)
++ {
++ /* xgettext:c-format */
++ _bfd_error_handler (_("%pB: corrupted group section: `%pA'"),
++ abfd, sec);
++ bfd_set_error (bfd_error_bad_value);
++ *failedptr = TRUE;
++ return;
++ }
+
+ H_PUT_32 (abfd, sec->flags & SEC_LINK_ONCE ? GRP_COMDAT : 0, loc);
+ }
diff --git a/SOURCES/binutils-rwx-seg-execstack-err-warn.patch b/SOURCES/binutils-rwx-seg-execstack-err-warn.patch
index 0a8cfb8..323d294 100644
--- a/SOURCES/binutils-rwx-seg-execstack-err-warn.patch
+++ b/SOURCES/binutils-rwx-seg-execstack-err-warn.patch
@@ -1809,7 +1809,7 @@ diff -rupN binutils.orig/ld/testsuite/ld-powerpc/ppc476-shared2.d binutils-2.35.
 DYNAMIC RELOCATION RECORDS
 -OFFSET TYPE VALUE
-+OFFSET +TYPE +VALUE
++OFFSET +TYPE +VALUE.*
 0001000[02] R_PPC_ADDR16_LO \.text\+0x00050000
 0002000[02] R_PPC_ADDR16_LO \.text\+0x00050000
 0003000[02] R_PPC_ADDR16_LO \.text\+0x00050000
diff --git a/SPECS/binutils.spec b/SPECS/binutils.spec
index 03fe78b..9b7e8e2 100644
--- a/SPECS/binutils.spec
+++ b/SPECS/binutils.spec
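Review bot: The `loc != sec->contents` test in bfd_elf_set_group_contents (bfd/elf.c) runs only after the loop above it has finished storing through `loc`, so it reports a bogus SHT_GROUP section but cannot prevent a store that already went below `sec->contents`. That loop is outside the hunk (only its closing `break; }` is visible), so confirm that it bounds `loc` itself, e.g. `if (loc == sec->contents) break;` before each store; if it does not, the assert has become an error while the out-of-bounds write stays reachable. The new comment could also say what the caller sees: `/* On a bogus SHT_GROUP section, set *failedptr and return without writing the flag word. */`.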
@@ -2,7 +2,7 @@ Summary: A GNU collection of binary utilities Name: binutils%{?_with_debug:-debug} Version: 2.35.2 -Release: 67%{?dist} +Release: 72%{?dist} License: GPLv3+ URL: https://sourceware.org/binutils @@ -533,6 +533,16 @@ Patch105: binutils-AArch64-missing-assembler-tests-12.patch # Lifetime: Fixed in 2.46 Patch106: binutils-execstack-error-tests.patch +# Purpose: Stops a potential illegal memory access when linking a corrupt +# input file. PR 33457 +# Lifetime: Fixed in 2.46 +Patch107: binutils-CVE-2025-11083.patch + +# Purpose: Stops a potential illegal memory access when copying a corrupt +# input file. PR 33050 +# Lifetime: Fixed in 2.46 +Patch108: binutils-error-on-corrupted-group.patch + #---------------------------------------------------------------------------- Provides: bundled(libiberty) @@ -1392,6 +1402,18 @@ exit 0 #---------------------------------------------------------------------------- %changelog +* Mon Jan 19 2026 Nick Clifton - 2.35.2-72 +- Fix a potential illegal memory access when copying a corrupt input file. (RHEL-142281) + +* Tue Dec 16 2025 Nick Clifton - 2.35.2-71 +- Fix a potential illegal memory access when copying a corrupt input file. (RHEL-132287) + +* Tue Nov 11 2025 Nick Clifton - 2.35.2-69 +- Fix a potential illegal memory access when linking a corrupt input file. (RHEL-126883) + +* Wed Sep 10 2025 Nick Clifton - 2.35.2-68 +- Add missing space to ppc476-shared2 linker test. (RHEL-113842) + * Tue Aug 19 2025 Nick Clifton - 2.35.2-67 - Adds tests for the linker's --error-execstack and --error-rwx-segments command line options. (RHEL-109970)