diff --git a/pkgs/desktops/gnome-3/core/gdm/default.nix b/pkgs/desktops/gnome-3/core/gdm/default.nix
index ef9439a30291bd..7311a93a79b68d 100644
--- a/pkgs/desktops/gnome-3/core/gdm/default.nix
+++ b/pkgs/desktops/gnome-3/core/gdm/default.nix
@@ -1,7 +1,7 @@
 { stdenv, fetchurl, pkgconfig, glib, itstool, libxml2, xorg, dbus
 , intltool, accountsservice, libX11, gnome3, systemd, autoreconfHook
 , gtk, libcanberra-gtk3, pam, libtool, gobjectIntrospection, plymouth
-, librsvg, coreutils }:
+, librsvg, coreutils, fetchpatch }:
 
 stdenv.mkDerivation rec {
   name = "gdm-${version}";
@@ -43,6 +43,16 @@ stdenv.mkDerivation rec {
   patches = [ ./sessions_dir.patch
               ./gdm-x-session_extra_args.patch
               ./gdm-session-worker_xserver-path.patch
+              (fetchpatch{
+                name = "CVE-2018-14424_A.patch";
+                url = https://gitlab.gnome.org/GNOME/gdm/commit/6060db704a19b0db68f2e9e6a2d020c0c78b6bba.patch;
+                sha256 = "1wp6b61jwdm43m696rgxa5iz8v39vk4il5xr4zgsx8y1pxqwb8n6";
+              })
+              (fetchpatch{
+                name = "CVE-2018-14424_B.patch";
+                url = https://gitlab.gnome.org/GNOME/gdm/commit/765b306c364885dd89d47fe9fe8618ce6a467bc1.patch;
+                sha256 = "07sani5mbgv8cnwkddj15xg4r7f90d1rp8xxh1hnfwigrm1hm69d";
+              })
              ];
 
   postInstall = ''