diff --git a/pam-1.1.7-tty-audit-init.patch b/pam-1.1.7-tty-audit-init.patch
new file mode 100644
index 0000000..065a650
--- /dev/null
+++ b/pam-1.1.7-tty-audit-init.patch
@@ -0,0 +1,48 @@
+diff -up Linux-PAM-1.1.7/modules/pam_tty_audit/pam_tty_audit.c.tty-audit-init Linux-PAM-1.1.7/modules/pam_tty_audit/pam_tty_audit.c
+--- Linux-PAM-1.1.7/modules/pam_tty_audit/pam_tty_audit.c.tty-audit-init 2013-08-28 10:53:40.000000000 +0200
++++ Linux-PAM-1.1.7/modules/pam_tty_audit/pam_tty_audit.c 2013-10-04 14:51:19.944994905 +0200
+@@ -36,6 +36,7 @@
+ USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ DAMAGE. */
+
++#include "config.h"
+ #include
+ #include
+ #include
+@@ -108,7 +109,7 @@ nl_recv (int fd, unsigned type, void *bu
+ struct msghdr msg;
+ struct nlmsghdr nlm;
+ struct iovec iov[2];
+- ssize_t res;
++ ssize_t res, resdiff;
+
+ again:
+ iov[0].iov_base = &nlm;
+@@ -160,12 +161,17 @@ nl_recv (int fd, unsigned type, void *bu
+ res = recvmsg (fd, &msg, 0);
+ if (res == -1)
+ return -1;
+- if ((size_t)res != NLMSG_LENGTH (size)
++ resdiff = NLMSG_LENGTH(size) - (size_t)res;
++ if (resdiff < 0
+ || nlm.nlmsg_type != type)
+ {
+ errno = EIO;
+ return -1;
+ }
++ else if (resdiff > 0)
++ {
++ memset((char *)buf + res, 0, resdiff);
++ }
+ return 0;
+ }
+
+@@ -275,6 +281,8 @@ pam_sm_open_session (pam_handle_t *pamh,
+ return PAM_SESSION_ERR;
+ }
+
++ memcpy(&new_status, old_status, sizeof(new_status));
++
+ new_status.enabled = (command == CMD_ENABLE ? 1 : 0);
+ #ifdef HAVE_STRUCT_AUDIT_TTY_STATUS_LOG_PASSWD
+ new_status.log_passwd = log_passwd;
diff --git a/pam.spec b/pam.spec
index 57c6b3c..940c998 100644
--- a/pam.spec
+++ b/pam.spec
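Review bot: In the embedded patch's `nl_recv` hunk (`@@ -160,12 +161,17 @@`), `memset((char *)buf + res, 0, resdiff)` starts at the wrong offset: `res` is measured against `NLMSG_LENGTH (size)`, so it includes the netlink header that `iov[0]` receives into `nlm`, not only the bytes that landed in `buf`. On a short reply the memset therefore ends at `buf + NLMSG_LENGTH(size)`, a header length past the end of a `size`-byte buffer, while the unreceived tail inside `buf` stays uninitialized. Assuming `iov[1]` points at `buf` with length `size` (that setup is outside the hunk), the line should read `memset((char *)buf + size - resdiff, 0, resdiff);`. A reply shorter than the header should also be rejected before `nlm.nlmsg_type` is trusted, for example by adding `|| res < (ssize_t) NLMSG_HDRLEN` to the `EIO` condition. The rest of `nl_recv` lies outside the hunk.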
@@ -3,7 +3,7 @@
 Summary: An extensible library which provides authentication for applications
 Name: pam
 Version: 1.1.7
-Release: 2%{?dist}
+Release: 3%{?dist}
 # The library is BSD licensed with option to relicense as GPLv2+
 # - this option is redundant as the BSD license allows that anyway.
 # pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
@@ -45,6 +45,7 @@ Patch20: pam-1.1.5-unix-no-fallback.patch
 Patch22: pam-1.1.7-unix-build.patch
 Patch29: pam-1.1.6-pwhistory-helper.patch
 Patch31: pam-1.1.6-use-links.patch
+Patch32: pam-1.1.7-tty-audit-init.patch
 %define _pamlibdir %{_libdir}
 %define _moduledir %{_libdir}/security
@@ -122,7 +123,7 @@ mv pam-redhat-%{pam_redhat_version}/* modules
 %patch22 -p1 -b .build
 %patch29 -p1 -b .pwhhelper
 %patch31 -p1 -b .links
-
+%patch32 -p1 -b .tty-audit-init
 %build
 autoreconf -i
@@ -370,6 +371,9 @@ fi
 %doc doc/adg/*.txt doc/adg/html
 %changelog
+* Fri Oct 4 2013 Tomáš Mráz 1.1.7-3
+- pam_tty_audit: proper initialization of the tty_audit_status struct
+
 * Mon Sep 30 2013 Tomáš Mráz 1.1.7-2
 - add "local_users_only" to pam_pwquality in default configuration