diff --git a/dhcp-4.2.0-P2-CVE-2011-0997.patch b/dhcp-4.2.0-P2-CVE-2011-0997.patch
index f8ad4f1..36786b8 100644
--- a/dhcp-4.2.0-P2-CVE-2011-0997.patch
+++ b/dhcp-4.2.0-P2-CVE-2011-0997.patch
@@ -165,11 +165,11 @@ diff -up dhcp-4.2.0-P2/client/dhclient.c.CVE-2011-0997 dhcp-4.2.0-P2/client/dhcl
 +	if ((universe == NULL) || (universe == &dhcp_universe)) {
 +		switch(opt) {
 +		      case DHO_HOST_NAME:
-+		      case DHO_DOMAIN_NAME:
 +		      case DHO_NIS_DOMAIN:
 +		      case DHO_NETBIOS_SCOPE:
 +			return check_domain_name(ptr, len, 0);
 +			break;
++		      case DHO_DOMAIN_NAME: /* accept a list for compatibiliy */
 +		      case DHO_DOMAIN_SEARCH:
 +			return check_domain_name_list(ptr, len, 0);
 +			break;
diff --git a/dhcp.spec b/dhcp.spec
index 154996c..667d752 100644
--- a/dhcp.spec
+++ b/dhcp.spec
@@ -12,7 +12,7 @@
 Summary:  Dynamic host configuration protocol software
 Name:     dhcp
 Version:  4.2.0
-Release:  20.%{patchver}%{?dist}
+Release:  21.%{patchver}%{?dist}
 # NEVER CHANGE THE EPOCH on this package.  The previous maintainer (prior to
 # dcantrell maintaining the package) made incorrect use of the epoch and
 # that's why it is at 12 now.  It should have never been used, but it was.
@@ -559,6 +559,9 @@ fi
 %attr(0644,root,root) %{_mandir}/man3/omapi.3.gz
 
 %changelog
+* Wed Apr 06 2011 Jiri Popelka <jpopelka@redhat.com> - 12:4.2.0-21.P2
+- Better fix for CVE-2011-0997: making domain-name check more lenient (#694005)
+
 * Wed Apr 06 2011 Jiri Popelka <jpopelka@redhat.com> - 12:4.2.0-20.P2
 - CVE-2011-0997
   dhclient: insufficient sanitization of certain DHCP response values (#694005)