diff --git a/0002-Fix-invalid-read-in-ares_parse_soa_reply.patch b/0002-Fix-invalid-read-in-ares_parse_soa_reply.patch
new file mode 100644
index 0000000000000000000000000000000000000000..00968b2c6843eb117ff1a91a9e06b196ccc604d7
--- /dev/null
+++ b/0002-Fix-invalid-read-in-ares_parse_soa_reply.patch
@@ -0,0 +1,25 @@
+commit 1b98172b141fe874ad43e679e67506f9b2139043
+Author: lutianxiong <50396812+ltx2018@users.noreply.github.com>
+Date:   Fri May 22 20:02:21 2020 +0800
+
+    avoid read-heap-buffer-overflow (#332)
+    
+    Fix invalid read in ares_parse_soa_reply.c found during fuzzing
+    
+    Fixes Bug: #333
+    Fix By: lutianxiong (@ltx2018)
+
+diff --git a/ares_parse_soa_reply.c b/ares_parse_soa_reply.c
+index 2a2cac8..7cfaed2 100644
+--- a/ares_parse_soa_reply.c
++++ b/ares_parse_soa_reply.c
+@@ -69,6 +69,9 @@ ares_parse_soa_reply(const unsigned char *abuf, int alen,
+   status = ares__expand_name_for_response(aptr, abuf, alen, &qname, &len);
+   if (status != ARES_SUCCESS)
+     goto failed_stat;
++
++  if (alen <= len + HFIXEDSZ + 1)
++    goto failed;
+   aptr += len;
+ 
+   qclass = DNS_QUESTION_TYPE(aptr);
diff --git a/c-ares-1.15.0.tar.gz b/c-ares-1.15.0.tar.gz
deleted file mode 100644
index e39bf4ca90745cf5e3237fd5516e03703ccb0447..0000000000000000000000000000000000000000
Binary files a/c-ares-1.15.0.tar.gz and /dev/null differ
diff --git a/c-ares-1.16.0.tar.gz b/c-ares-1.16.0.tar.gz
new file mode 100644
index 0000000000000000000000000000000000000000..e7da7c891b0da530b6aff228f73a642159be31b7
Binary files /dev/null and b/c-ares-1.16.0.tar.gz differ
diff --git a/c-ares.spec b/c-ares.spec
index 182dcb7aa20bf0bfb91bc44abea2edd21cf3466c..2af6b8d61bc816fe401e4ad2764b6577c9a06221 100644
--- a/c-ares.spec
+++ b/c-ares.spec
@@ -1,6 +1,6 @@
 Name:           c-ares
-Version:        1.15.0
-Release:        1
+Version:        1.16.0
+Release:        2
 Summary:        A C library for asynchronous DNS requests
 
 License:        MIT
@@ -10,6 +10,7 @@ Source0:        https://github.com/c-ares/c-ares/releases/tag/%{name}-%{version}
 BuildRequires:  gcc autoconf automake libtool
 # Patch0 from Redhat is applied for stopping overriding AC_CONFIG_MACRO_DIR
 Patch0:         0001-Use-RPM-compiler-options.patch
+Patch1:         0002-Fix-invalid-read-in-ares_parse_soa_reply.patch
 %description
 This is c-ares, an asynchronous resolver library. It is intended for applications
 which need to perform DNS queries without blocking, or need to perform multiple
@@ -39,8 +40,7 @@ make %{?_smp_mflags}
 
 %files
 %doc CHANGES LICENSE.md
-%{_libdir}/libcares.so.2.3.0
-%{_libdir}/libcares.so.2
+%{_libdir}/*.so.*
 
 %files devel
 %{_libdir}/pkgconfig/*.pc
@@ -53,5 +53,17 @@ make %{?_smp_mflags}
 %{_mandir}/man3/*
 
 %changelog
+* Mon Jun 29 2020 gaihuiying <gaihuiying1@huawei.com> - 1.16.0-2
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC: Fix invalid read in ares_parse_soa_reply.c found during fuzzing
+
+* Mon Jun 29 2020 gaihuiying <gaihuiying1@huawei.com> - 1.16.0-1
+- Type:requirement
+- ID:NA
+- SUG:NA
+- DESC:update c-ares version to 1.16.0
+
 * Mon Sep 09 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.15.0-1
 - Package Init