diff --git a/bird-1.6.6.tar.gz b/bird-1.6.6.tar.gz
deleted file mode 100644
index b11d42a..0000000
--- a/bird-1.6.6.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:975b3b7aefbe1e0dc9c11e55517f0ca2d82cca1d544e2e926f78bc843aaf2d70
-size 1029505
diff --git a/bird-1.6.8.tar.gz b/bird-1.6.8.tar.gz
new file mode 100644
index 0000000..ccc52ce
--- /dev/null
+++ b/bird-1.6.8.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6c61ab5d2ef59d2559a8735b8252b5a0238013b43e5fb8a96c5d9d06e7bc00b2
+size 1042222
diff --git a/bird.changes b/bird.changes
index b269137..63a8f3b 100644
--- a/bird.changes
+++ b/bird.changes
@@ -1,3 +1,19 @@
+-------------------------------------------------------------------
+Wed Sep 18 19:14:22 UTC 2019 - Martin Hauke <mardnh@gmx.de>
+
+- Update to version 1.6.8
+  * Fix CVE-2019-16159:
+    BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through
+    2.0.5 has a stack-based buffer overflow. The BGP daemon's
+    support for RFC 8203 administrative shutdown communication
+    messages included an incorrect logical expression when checking
+    the validity of an input message. Sending a shutdown
+    communication with a sufficient message length causes a four-byte
+    overflow to occur while processing the message, where two of the
+    overflow bytes are attacker-controlled and two are fixed.
+  * Several important bugfixes
+  * BFD: Support for VRFs
+
 -------------------------------------------------------------------
 Fri Mar  1 19:32:49 UTC 2019 - Martin Hauke <mardnh@gmx.de>
 
diff --git a/bird.spec b/bird.spec
index a4a3f17..545f08b 100644
--- a/bird.spec
+++ b/bird.spec
@@ -21,7 +21,7 @@
 %define bird_home %{_localstatedir}/lib/bird
 %define bird_runtimedir %{_rundir}/%{name}
 Name:           bird
-Version:        1.6.6
+Version:        1.6.8
 Release:        0
 Summary:        The BIRD Internet Routing Daemon
 License:        GPL-2.0-or-later