diff --git a/syslinux-fix-menu-memory-clobber.patch b/syslinux-fix-menu-memory-clobber.patch
new file mode 100644
index 0000000..e9ca3d4
--- /dev/null
+++ b/syslinux-fix-menu-memory-clobber.patch
@@ -0,0 +1,25 @@
+From: H. Peter Anvin
+Date: Fri, 21 Sep 2007 23:22:58 +0000 (-0700)
+Subject: comboot: fix memory overwrite bug
+X-Git-Tag: syslinux-3.52-pre9~2
+X-Git-Url: http://git.kernel.org/?p=boot%2Fsyslinux%2Fsyslinux.git;a=commitdiff_plain;h=426d986dbc77abf2247b08c44c18bf9a478c2e8e
+
+comboot: fix memory overwrite bug
+
+Fix memory overwrite bug, specifically, the use of BP after it might
+have gotten clobbered. Since at the point of use, BP is supposed to
+be == SP, we can just add "mov bp,sp".
+---
+
+diff --git a/comboot.inc b/comboot.inc
+index 3c9df5f..ffc9425 100644
+--- a/comboot.inc
++++ b/comboot.inc
+@@ -187,6 +187,7 @@ comboot_int21: cli
+ clc
+ call ax ; Call the invoked function
+ comboot_resume:
++ mov bp,sp ; In case the function clobbers BP
+ setc P_FLAGSL ; Propagate CF->error
+ popad
+ pop gs
diff --git a/syslinux.spec b/syslinux.spec
index ec50f00..b63a22d 100644
--- a/syslinux.spec
+++ b/syslinux.spec
@@ -2,7 +2,7 @@ Summary: Simple kernel loader which boots from a FAT filesystem
 Name: syslinux
 Version: 3.36
 %define tarball_version 3.36
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: GPL
 Group: Applications/System
 Source0: ftp://ftp.kernel.org/pub/linux/utils/boot/syslinux/%{name}-%{tarball_version}.tar.bz2
@@ -10,6 +10,7 @@ Patch0: syslinux-2.08-x86_64.patch
 Patch3: syslinux-3.36.patch
 Patch4: syslinux-3.36-16bpp.patch
 Patch5: syslinux-hiddenmenu.patch
+Patch6: syslinux-fix-menu-memory-clobber.patch
 ExclusiveArch: i386 x86_64
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: nasm >= 0.98.38-1, perl, netpbm-progs
@@ -40,6 +41,7 @@ MEMDISK, which loads legacy operating systems from these media.
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
+%patch6 -p1

 %build
 CFLAGS="-Werror -Wno-unused -finline-limit=2000"
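Review bot: The added `mov bp,sp` at `comboot_resume` is only a valid frame reload if every path that reaches this label arrives with SP pointing at the register frame built on entry, and the new comment does not record that assumption. `P_FLAGSL` is presumably a BP-relative slot in that frame, so with a stale BP the `setc` stores a byte at an unintended stack-segment address, which is the overwrite the commit message describes; a handler that returns with an unbalanced SP would still misdirect the store and the `popad`/`pop gs` that follow. I would spell the invariant out in the comment, e.g. `mov bp,sp ; Handlers may clobber BP; SP == frame base here, and MOV leaves CF intact for setc`. The body of `comboot_int21` starts and ends outside the hunk, so the frame setup and any other jumps to `comboot_resume` cannot be checked from here.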
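Review bot: `%patch6 -p1` applies a change cut from upstream `syslinux-3.52-pre9~2` to the 3.36 tarball, so the `@@ -187,6 +187,7 @@` position in `comboot.inc` may not match and the hunk can land with an offset or fuzz. Because the fix depends on `mov bp,sp` sitting directly after `comboot_resume:` and before `setc P_FLAGSL`, check the prep output for this patch and confirm the hunk applied cleanly at that label. A short comment above `Patch6:` naming the upstream commit would also keep the provenance visible in the spec itself, e.g. `# upstream 426d986dbc77abf2247b08c44c18bf9a478c2e8e: comboot: fix memory overwrite bug`.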
@@ -97,6 +99,9 @@ rm -rf %{buildroot}
 %{_prefix}/lib/syslinux/com32

 %changelog
+* Wed Oct 3 2007 Jeremy Katz - 3.36-6
+- fix menu system memory corruption (#239585)
+
 * Tue Aug 14 2007 Jeremy Katz - 3.36-5
 - backport "menu hidden" support from upstream git