diff --git a/0012-CVE-2019-19126.patch b/0012-CVE-2019-19126.patch
new file mode 100644
index 0000000..9f71b25
--- /dev/null
+++ b/0012-CVE-2019-19126.patch
@@ -0,0 +1,31 @@
+From d5dfad4326fc683c813df1e37bbf5cf920591c8e Mon Sep 17 00:00:00 2001
+From: =?utf8?q?Marcin=20Ko=C5=9Bcielnicki?= <mwk@0x04.net>
+Date: Thu, 21 Nov 2019 00:20:15 +0100
+Subject: [PATCH] rtld: Check __libc_enable_secure before honoring
+ LD_PREFER_MAP_32BIT_EXEC (CVE-2019-19126) [BZ #25204]
+
+The problem was introduced in glibc 2.23, in commit
+b9eb92ab05204df772eb4929eccd018637c9f3e9
+("Add Prefer_MAP_32BIT_EXEC to map executable pages with MAP_32BIT").
+---
+ NEWS                                            | 6 +++++-
+ sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h | 3 ++-
+ 2 files changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h b/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h
+index 0e95221..e3af239 100644
+--- a/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h
++++ b/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h
+@@ -31,7 +31,8 @@
+    environment variable, LD_PREFER_MAP_32BIT_EXEC.  */
+ #define EXTRA_LD_ENVVARS \
+   case 21:								  \
+-    if (memcmp (envline, "PREFER_MAP_32BIT_EXEC", 21) == 0)		  \
++    if (!__libc_enable_secure						  \
++	&& memcmp (envline, "PREFER_MAP_32BIT_EXEC", 21) == 0)		  \
+       GLRO(dl_x86_cpu_features).feature[index_arch_Prefer_MAP_32BIT_EXEC] \
+ 	|= bit_arch_Prefer_MAP_32BIT_EXEC;				  \
+     break;
+-- 
+2.9.3
+
diff --git a/glibc.spec b/glibc.spec
index 88c429c..d218b62 100644
--- a/glibc.spec
+++ b/glibc.spec
@@ -127,7 +127,7 @@ Source0:	http://ftp.gnu.org/gnu/glibc/%{oname}-%{ver}.tar.xz
 #Source1:	http://ftp.gnu.org/gnu/glibc/%{oname}-%{ver}.tar.xz.sig
 #endif
 %endif
-Release:	12
+Release:	13
 License:	LGPLv2+ and LGPLv2+ with exceptions and GPLv2+
 Group:		System/Libraries
 Url:		http://www.gnu.org/software/libc/
@@ -217,6 +217,7 @@ Patch507:	0008-regex-fix-read-overrun-BZ-24114.patch
 Patch508:	0009-Record-CVE-2019-9169-in-NEWS-and-ChangeLog-BZ-24114.patch
 Patch509:	0010-S390-Mark-vx-and-vxe-as-important-hwcap.patch
 Patch510:	0011-ja_JP-Change-the-offset-for-Taisho-gan-nen-from-2-to.patch
+Patch511:	0012-CVE-2019-19126.patch
 
 #-----------------------------------------------------------------------
 # OpenMandriva patches