diff --git a/liblouis-3.16.1-fix-CVE-2023-26768.patch b/liblouis-3.16.1-fix-CVE-2023-26768.patch
new file mode 100644
index 0000000..ec6cb9d
--- /dev/null
+++ b/liblouis-3.16.1-fix-CVE-2023-26768.patch
@@ -0,0 +1,57 @@
+From 565ac66ec0c187ffb442226487de3db376702958 Mon Sep 17 00:00:00 2001
+From: Marsman1996 <lqliuyuwei@outlook.com>
+Date: Thu, 9 Feb 2023 18:56:21 +0800
+Subject: [PATCH 1/2] Check filename before coping to initialLogFileName
+
+---
+ liblouis/logging.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/liblouis/logging.c b/liblouis/logging.c
+index 9f470b45e5..7498deb758 100644
+--- a/liblouis/logging.c
++++ b/liblouis/logging.c
+@@ -126,7 +126,7 @@ lou_logFile(const char *fileName) {
+ 		fclose(logFile);
+ 		logFile = NULL;
+ 	}
+-	if (fileName == NULL || fileName[0] == 0) return;
++	if (fileName == NULL || fileName[0] == 0 || strlen(fileName) >= 256) return;
+ 	if (initialLogFileName[0] == 0) strcpy(initialLogFileName, fileName);
+ 	logFile = fopen(fileName, "a");
+ 	if (logFile == NULL && initialLogFileName[0] != 0)
+
+From 47822bb418fb77564c159469e3be79989b11aced Mon Sep 17 00:00:00 2001
+From: Marsman1996 <lqliuyuwei@outlook.com>
+Date: Thu, 9 Feb 2023 21:00:36 +0800
+Subject: [PATCH 2/2] replace the magic number with a define
+
+---
+ liblouis/logging.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/liblouis/logging.c b/liblouis/logging.c
+index 7498deb758..2849cf26d4 100644
+--- a/liblouis/logging.c
++++ b/liblouis/logging.c
+@@ -117,8 +117,10 @@ _lou_logMessage(logLevels level, const char *format, ...) {
+ 	}
+ }
+ 
++#define FILENAMESIZE 256
++
+ static FILE *logFile = NULL;
+-static char initialLogFileName[256] = "";
++static char initialLogFileName[FILENAMESIZE] = "";
+ 
+ void EXPORT_CALL
+ lou_logFile(const char *fileName) {
+@@ -126,7 +128,7 @@ lou_logFile(const char *fileName) {
+ 		fclose(logFile);
+ 		logFile = NULL;
+ 	}
+-	if (fileName == NULL || fileName[0] == 0 || strlen(fileName) >= 256) return;
++	if (fileName == NULL || fileName[0] == 0 || strlen(fileName) >= FILENAMESIZE) return;
+ 	if (initialLogFileName[0] == 0) strcpy(initialLogFileName, fileName);
+ 	logFile = fopen(fileName, "a");
+ 	if (logFile == NULL && initialLogFileName[0] != 0)
diff --git a/liblouis.spec b/liblouis.spec
index 1bd326d..0e2c2e7 100644
--- a/liblouis.spec
+++ b/liblouis.spec
@@ -9,8 +9,10 @@ Summary:        Braille translation and back-translation library
 License:        LGPLv3+
 URL:            http://liblouis.org
 Source0:        https://github.com/%{name}/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.gz
-# https://bugzilla.redhat.com/show_bug.cgi?id=2181147
+# https://bugzilla.redhat.com/show_bug.cgi?id=2181151
 Patch0:         liblouis-3.16.1-fix-CVE-2023-26767.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=2181151
+Patch1:         liblouis-3.16.1-fix-CVE-2023-26768.patch
 
 BuildRequires:  chrpath
 BuildRequires:  gcc
@@ -147,6 +149,7 @@ done
 %changelog
 * Mon Apr 03 2023 David King <amigadave@amigadave.com> - 3.16.1-5
 - Fix CVE-2023-26767 (#2181147)
+- Fix CVE-2023-26768 (#2181151)
 
 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 3.16.1-4
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags