diff --git a/pkgs/applications/virtualization/xen/4.5.nix b/pkgs/applications/virtualization/xen/4.5.nix
index 271ab7e7fe9..e7a46a24965 100644
--- a/pkgs/applications/virtualization/xen/4.5.nix
+++ b/pkgs/applications/virtualization/xen/4.5.nix
@@ -1,4 +1,4 @@
-{ callPackage, fetchurl, fetchgit, ... } @ args:
+{ callPackage, fetchurl, fetchpatch, fetchgit, ... } @ args:
 let
 # Xen 4.5.5
@@ -54,7 +54,23 @@ let
 xenPatches = [
 ./0001-libxl-Spice-image-compression-setting-support-for-up.patch
 ./0002-libxl-Spice-streaming-video-setting-support-for-upst.patch
- ./0003-Add-qxl-vga-interface-support-for-upstream-qem.patch ];
+ ./0003-Add-qxl-vga-interface-support-for-upstream-qem.patch
+ (fetchpatch {
+ url = "https://bugzilla.redhat.com/attachment.cgi?id=1218547";
+ name = "CVE-2016-9385.patch";
+ sha256 = "0l5drg862708ngy49jl65vmv6iwxlm7h8b4vabnffc2496f2gbwk";
+ })
+ (fetchpatch {
+ url = "https://bugzilla.redhat.com/attachment.cgi?id=1218536";
+ name = "CVE-2016-9377-CVE-2016-9378-part1.patch";
+ sha256 = "1dy8xvnkdvc44ywzzlswmkljjva44c0ndw7538iicr3qyf0244n4";
+ })
+ (fetchpatch {
+ url = "https://bugzilla.redhat.com/attachment.cgi?id=1218537";
+ name = "CVE-2016-9377-CVE-2016-9378-part2.patch";
+ sha256 = "0iz36s2w6bh5h9i1a9gj1c748fq1dj90kcg2yzld1m26qx21qrr5";
+ })
+ ];
 };
 in callPackage ./generic.nix (args // { xenConfig=xenConfig; })
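Review bot: The three `fetchpatch` entries added to `xenPatches` fetch security fixes by opaque Red Hat Bugzilla attachment id, so nothing in the file lets a later reader confirm that, for example, attachment 1218547 is the fix its `name` claims. The `sha256` pins the bytes, which covers integrity but not provenance or availability: a Bugzilla attachment can be obsoleted or restricted, and the build then fails with no pointer to another copy of the patch. I would add a comment above each entry naming the advisory and the bug it was taken from, e.g. `# CVE-2016-9385: upstream advisory <XSA-ID>, from Red Hat bug <BUG-ID>`, and fetch from the upstream Xen advisory location if the same patch is published there. The part1 and part2 patches for CVE-2016-9377/CVE-2016-9378 presumably have to apply in that order; the list order provides it, but a one-line comment saying so would guard against a later reordering.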