diff --git a/Sys-Syslog-0.34-CVE-2016-1238-avoid-loading-optional-modules-from.patch b/Sys-Syslog-0.34-CVE-2016-1238-avoid-loading-optional-modules-from.patch
new file mode 100644
index 0000000..d352d2a
--- /dev/null
+++ b/Sys-Syslog-0.34-CVE-2016-1238-avoid-loading-optional-modules-from.patch
@@ -0,0 +1,34 @@
+From 15488839b5e8141d120db913c22fdbada9597b93 Mon Sep 17 00:00:00 2001
+From: Tony Cook
+Date: Thu, 28 Jul 2016 13:34:55 +1000
+Subject: [PATCH] CVE-2016-1238: avoid loading optional modules from default .
+
+Sys::Syslog treats two modules as optional, attemptting to load them
+and not requiring them (Win32 only.)
+
+If a user runs a program using Sys::Syslog in a world writable
+directory (like %windir%\Temp) a local attacker can create
+Win32\EventLog.pm in that directory to run code as the running user.
+
+This patch temporarily removes the default . from @INC to prevent
+that attack.
+---
+ Syslog.pm | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/Syslog.pm b/Syslog.pm
+index 7978f04..06169a8 100644
+--- a/Syslog.pm
++++ b/Syslog.pm
+@@ -918,6 +918,8 @@ sub silent_eval (&) {
+ sub can_load {
+ my ($module, $verbose) = @_;
+ local($SIG{__DIE__}, $SIG{__WARN__}, $@);
++ local @INC = @INC;
++ pop @INC if $INC[-1] eq '.';
+ my $loaded = eval "use $module; 1";
+ warn $@ if not $loaded and $verbose;
+ return $loaded
+--
+2.1.4
+
diff --git a/perl-Sys-Syslog.spec b/perl-Sys-Syslog.spec
index 28fe5f6..e0ccaa7 100644
--- a/perl-Sys-Syslog.spec
+++ b/perl-Sys-Syslog.spec
@@ -1,6 +1,6 @@
 Name: perl-Sys-Syslog
 Version: 0.34
-Release: 3%{?dist}
+Release: 4%{?dist}
 Summary: Perl interface to the UNIX syslog(3) calls
 # README: GPL+ or Artistic
 # ppport.h: GPL+ or Artistic
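Review bot: `pop @INC if $INC[-1] eq '.';` strips only a trailing `.`, so a `.` that sits elsewhere in @INC (for example one added through PERL5LIB or -I) is still searched by the `eval "use $module; 1"` on the following line; if only perl's implicit default entry is meant to be removed, a comment such as `# drop only perl's implicit trailing '.'; an explicitly configured '.' is left alone` would make the intended scope of the fix explicit. The new check also emits an uninitialized-value warning when @INC is empty, since `$INC[-1]` is then undef; `pop @INC if @INC and $INC[-1] eq '.';` avoids that. can_load interpolates `$module` into a string eval, but its callers are outside this hunk, so whether `$module` is ever anything but a literal module name cannot be confirmed from here. The body of can_load continues past the end of the hunk.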
@@ -11,6 +11,8 @@ License: GPL+ or Artistic
 Group: Development/Libraries
 URL: http://search.cpan.org/dist/Sys-Syslog/
 Source0: http://www.cpan.org/authors/id/S/SA/SAPER/Sys-Syslog-%{version}.tar.gz
+# Avoid loading optional modules from default . (CVE-2016-1238)
+Patch0: Sys-Syslog-0.34-CVE-2016-1238-avoid-loading-optional-modules-from.patch
 BuildRequires: coreutils
 BuildRequires: findutils
 BuildRequires: gcc
@@ -65,6 +67,8 @@ a string priority and a list of printf() arguments just like at syslog(3).
 %prep
 %setup -q -n Sys-Syslog-%{version}
+%patch0 -p1
+
 chmod -x eg/*
 # Inhibit bundled syslog.h
 rm -rf fallback
@@ -96,6 +100,9 @@ make test
 %{_mandir}/man3/*
 %changelog
+* Wed Aug 03 2016 Jitka Plesnikova - 0.34-4
+- Avoid loading optional modules from default . (CVE-2016-1238)
+
 * Wed May 18 2016 Jitka Plesnikova - 0.34-3
 - Perl 5.24 re-rebuild of bootstrapped packages