diff --git a/CHANGES b/CHANGES
index 4344c25335..b0c1bac2f9 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,12 @@
+2.1-361 | 2013-03-13 07:18:22 -0700
+
+  * Add check for truncated link frames. Addresses #962. (Jacob
+    Baines)
+
+  * Fix large memory allocation in IP fragment reassembly. Addresses
+    #961. (Jacob Baines)
+
 2.1-357 | 2013-03-08 09:18:35 -0800
 
   * Fix race-condition in table-event test. (Bernhard Amann)
diff --git a/VERSION b/VERSION
index 5a3fd732c7..9c30e5948f 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.1-357
+2.1-361
diff --git a/src/Frag.cc b/src/Frag.cc
index d873f5bc0c..4b9047d072 100644
--- a/src/Frag.cc
+++ b/src/Frag.cc
@@ -100,6 +100,13 @@ void FragReassembler::AddFragment(double t, const IP_Hdr* ip, const u_char* pkt)
 	int offset = ip->FragOffset();
 	int len = ip->TotalLen();
 	int hdr_len = ip->HdrLen();
+
+	if ( len < hdr_len )
+		{
+		s->Weird("fragment_protocol_inconsistency", ip);
+		return;
+		}
+
 	int upper_seq = offset + len - hdr_len;
 
 	if ( ! offset )
diff --git a/src/Sessions.cc b/src/Sessions.cc
index 6f42e5726b..2e5a6ded30 100644
--- a/src/Sessions.cc
+++ b/src/Sessions.cc
@@ -223,6 +223,12 @@ void NetSessions::NextPacket(double t, const struct pcap_pkthdr* hdr,
 	// we look to see if what we have is consistent with an
 	// IPv4 packet. If not, it's either ARP or IPv6 or weird.
 
+	if ( hdr_size > static_cast(hdr->caplen) )
+		{
+		Weird("truncated_link_frame", hdr, pkt);
+		return;
+		}
+
 	uint32 caplen = hdr->caplen - hdr_size;
 
 	if ( caplen < sizeof(struct ip) )
 		{
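Review bot: The added guard in AddFragment rejects only `len < hdr_len`, so a fragment with `len == hdr_len` still passes and produces `upper_seq == offset` with no payload; whether that zero-length fragment is harmless depends on the reassembly code past the hunk, and if it is not, the check should be `if ( len <= hdr_len )`. The guard also deserves a why-comment, because the link to the allocation problem is not visible at this point: `// A total length below the header length makes upper_seq negative and, as reported in #961, drives an oversized reassembly allocation.` AddFragment's body continues outside the hunk.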
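Review bot: The `static_cast` on the added line has no template argument as rendered (`static_cast(hdr->caplen)` is not valid C++); if this is an extraction artifact and the real code casts `hdr->caplen` down to the signed type of `hdr_size`, a caplen above the signed maximum would turn negative and make the truncation check fire spuriously, while a negative `hdr_size` would always pass it. Comparing in the unsigned domain avoids both cases: `if ( hdr_size < 0 || static_cast<uint32>(hdr_size) > hdr->caplen )`. Whether `hdr_size` can actually be negative depends on how it is computed earlier in NextPacket, which starts before this hunk; the equal case is fine, since a zero remaining `caplen` is caught by the `sizeof(struct ip)` check that follows.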