diff --git a/pkgs/development/libraries/avahi/default.nix b/pkgs/development/libraries/avahi/default.nix
index 297883ecd0a4..f276d0bf12ee 100644
--- a/pkgs/development/libraries/avahi/default.nix
+++ b/pkgs/development/libraries/avahi/default.nix
@@ -1,4 +1,4 @@
-{ fetchurl, stdenv, pkgconfig, libdaemon, dbus, perlPackages
+{ fetchurl, fetchpatch, stdenv, pkgconfig, libdaemon, dbus, perlPackages
 , expat, gettext, intltool, glib, libiconv
 , gtk3Support ? false, gtk3 ? null
 , qt4 ? null
@@ -16,7 +16,14 @@ stdenv.mkDerivation rec {
     sha256 = "0128n7jlshw4bpx0vg8lwj8qwdisjxi7mvniwfafgnkzzrfrpaap";
   };
 
-  patches = [ ./no-mkdir-localstatedir.patch ];
+  patches = [
+    ./no-mkdir-localstatedir.patch
+    (fetchpatch {
+      name ="CVE-2017-6519-CVE-2018-100084.patch";
+      url = https://github.com/lathiat/avahi/commit/e111def44a7df4624a4aa3f85fe98054bffb6b4f.patch;
+      sha256 = "06n7b7kz6xcc35c7xjfc1kj3k2llyjgi09nhy0ci32l1bhacjw0q";
+    })
+  ];
 
   buildInputs = [ libdaemon dbus glib expat libiconv ]
     ++ (with perlPackages; [ perl XMLParser ])