diff --git a/fix-CVE-2019-1010023.patch b/fix-CVE-2019-1010023.patch
new file mode 100644
index 0000000000000000000000000000000000000000..bbf566ae1c606f867024f98e29014e058728c0e8
--- /dev/null
+++ b/fix-CVE-2019-1010023.patch
@@ -0,0 +1,65 @@
+From d44c2d890a989bb67baaf6621858d9e8bde5bbf0 Mon Sep 17 00:00:00 2001
+From: lvying <lvying6@huawei.com>
+Date: Sat, 8 Feb 2020 12:05:36 +0800
+Subject: [PATCH] glibc: fix CVE-2019-1010023
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+| PT_LOAD
+|
+| […] Loadable segment entries in the program header table appear in
+| ascending order, sorted on the p_vaddr member.
+
+http://www.sco.com/developers/gabi/latest/ch5.pheader.html
+
+Some check needed to fix vulnerability in load commands mapping reported by
+
+https://sourceware.org/bugzilla/show_bug.cgi?id=22851
+
+Signed-off-by: lvying <lvying6@huawei.com>
+---
+ elf/dl-map-segments.h | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/elf/dl-map-segments.h b/elf/dl-map-segments.h
+index 084076a..20dfc5c 100644
+--- a/elf/dl-map-segments.h
++++ b/elf/dl-map-segments.h
+@@ -33,6 +33,7 @@ _dl_map_segments (struct link_map *l, int fd,
+                   struct link_map *loader)
+ {
+   const struct loadcmd *c = loadcmds;
++  ElfW(Addr) l_map_end_aligned;
+ 
+   if (__glibc_likely (type == ET_DYN))
+     {
+@@ -61,6 +62,8 @@ _dl_map_segments (struct link_map *l, int fd,
+         return DL_MAP_SEGMENTS_ERROR_MAP_SEGMENT;
+ 
+       l->l_map_end = l->l_map_start + maplength;
++	  l_map_end_aligned = ((l->l_map_end + GLRO(dl_pagesize) - 1)
++			  & ~(GLRO(dl_pagesize) - 1));
+       l->l_addr = l->l_map_start - c->mapstart;
+ 
+       if (has_holes)
+@@ -85,10 +88,16 @@ _dl_map_segments (struct link_map *l, int fd,
+   /* Remember which part of the address space this object uses.  */
+   l->l_map_start = c->mapstart + l->l_addr;
+   l->l_map_end = l->l_map_start + maplength;
++  l_map_end_aligned = ((l->l_map_end + GLRO(dl_pagesize) - 1)
++		  & ~(GLRO(dl_pagesize) - 1));
+   l->l_contiguous = !has_holes;
+ 
+   while (c < &loadcmds[nloadcmds])
+     {
++		if ((l->l_addr + c->mapend) > l_map_end_aligned ||
++				(l->l_addr + c->mapstart) < l->l_map_start)
++			return DL_MAP_SEGMENTS_ERROR_MAP_SEGMENT;
++
+       if (c->mapend > c->mapstart
+           /* Map the segment contents from the file.  */
+           && (__mmap ((void *) (l->l_addr + c->mapstart),
+-- 
+1.8.3.1
+
diff --git a/glibc.spec b/glibc.spec
index 9ecc6cf6555bdbe1b7d15d4bd0f31c2bd9783122..5ff1e7f8864b35d0831f6876558fe572d0bf4904 100644
--- a/glibc.spec
+++ b/glibc.spec
@@ -59,7 +59,7 @@
 ##############################################################################
 Name: 	 	glibc
 Version: 	2.28
-Release: 	32
+Release: 	33
 Summary: 	The GNU libc libraries
 License:	%{all_license}
 URL: 		http://www.gnu.org/software/glibc/
@@ -73,6 +73,7 @@ Source5:   glibc-bench-compare
 Source6:   LicenseList
 Source7:   LanguageList
 
+Patch1:	fix-CVE-2019-1010023.patch 
 Provides: ldconfig rtld(GNU_HASH) bundled(gnulib)
 
 BuildRequires: audit-libs-devel >= 1.1.3, sed >= 3.95, libcap-devel, gettext
@@ -912,6 +913,12 @@ fi
 
 
 %changelog
+* Thu Mar 12 2020 lvying<lvying6@huawei.com> - 2.28-33
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC: fix CVE-2019-1010023
+
 * Wed Feb 26 2020 Wang Shuo<wangshuo47@huawei.com> - 2.28-32
 - Type:bugfix
 - ID:NA