diff --git a/dbus-1-x11.changes b/dbus-1-x11.changes
index 63ab80e..67697f3 100644
--- a/dbus-1-x11.changes
+++ b/dbus-1-x11.changes
@@ -1,3 +1,24 @@
+-------------------------------------------------------------------
+Wed Jul  2 16:15:37 UTC 2014 - fstrba@suse.com
+
+- Update to 1.8.6:
+  + Security fixes:
+    - On Linux ≥ 2.6.37-rc4, if sendmsg() fails with ETOOMANYREFS,
+      silently drop the message. This prevents an attack in which
+      a malicious client can make dbus-daemon disconnect a system
+      service, which is a local denial of service.
+      (bnc#885241 fdo#80163, CVE-2014-3532; Alban Crequy)
+    - Track remaining Unix file descriptors correctly when more
+      than one message in quick succession contains fds. This
+      prevents another attack in which a malicious client can make
+      dbus-daemon disconnect a system service.
+      (bnc#885241 fdo#79694, fd0#80469, CVE-2014-3533; Alejandro
+      Martínez Suárez, Simon McVittie, Alban Crequy)
+  + Other fixes:
+    - When dbus-launch --exit-with-session starts a dbus-daemon but
+      then cannot attach to a session, kill the dbus-daemon as
+      intended (fdo#74698, Роман Донченко)
+
 -------------------------------------------------------------------
 Wed Jun 11 04:58:38 UTC 2014 - fstrba@suse.com
 
diff --git a/dbus-1-x11.spec b/dbus-1-x11.spec
index e2d950e..fa6493c 100644
--- a/dbus-1-x11.spec
+++ b/dbus-1-x11.spec
@@ -46,7 +46,7 @@ BuildRequires:  pkgconfig(libsystemd-login)
 BuildRequires:  libexpat-devel
 BuildRequires:  libtool
 BuildRequires:  pkg-config
-Version:        1.8.4
+Version:        1.8.6
 Release:        0
 #
 Source0:        http://dbus.freedesktop.org/releases/dbus/%{_name}-%{version}.tar.gz
diff --git a/dbus-1.8.4.tar.gz b/dbus-1.8.4.tar.gz
deleted file mode 100644
index 96f9ac9..0000000
--- a/dbus-1.8.4.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:3ef63dc8d0111042071ee7f7bafa0650c6ce2d7be957ef0b7ec269495a651ff8
-size 1860286
diff --git a/dbus-1.8.6.tar.gz b/dbus-1.8.6.tar.gz
new file mode 100644
index 0000000..ed949db
--- /dev/null
+++ b/dbus-1.8.6.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:eded83ca007b719f32761e60fd8b9ffd0f5796a4caf455b01b5a5ef740ebd23f
+size 1861784
diff --git a/dbus-1.changes b/dbus-1.changes
index 63ab80e..67697f3 100644
--- a/dbus-1.changes
+++ b/dbus-1.changes
@@ -1,3 +1,24 @@
+-------------------------------------------------------------------
+Wed Jul  2 16:15:37 UTC 2014 - fstrba@suse.com
+
+- Update to 1.8.6:
+  + Security fixes:
+    - On Linux ≥ 2.6.37-rc4, if sendmsg() fails with ETOOMANYREFS,
+      silently drop the message. This prevents an attack in which
+      a malicious client can make dbus-daemon disconnect a system
+      service, which is a local denial of service.
+      (bnc#885241 fdo#80163, CVE-2014-3532; Alban Crequy)
+    - Track remaining Unix file descriptors correctly when more
+      than one message in quick succession contains fds. This
+      prevents another attack in which a malicious client can make
+      dbus-daemon disconnect a system service.
+      (bnc#885241 fdo#79694, fd0#80469, CVE-2014-3533; Alejandro
+      Martínez Suárez, Simon McVittie, Alban Crequy)
+  + Other fixes:
+    - When dbus-launch --exit-with-session starts a dbus-daemon but
+      then cannot attach to a session, kill the dbus-daemon as
+      intended (fdo#74698, Роман Донченко)
+
 -------------------------------------------------------------------
 Wed Jun 11 04:58:38 UTC 2014 - fstrba@suse.com
 
diff --git a/dbus-1.spec b/dbus-1.spec
index 46ae9fc..210f0fe 100644
--- a/dbus-1.spec
+++ b/dbus-1.spec
@@ -40,7 +40,7 @@ BuildRequires:  pkgconfig(libsystemd-login)
 BuildRequires:  libexpat-devel
 BuildRequires:  libtool
 BuildRequires:  pkg-config
-Version:        1.8.4
+Version:        1.8.6
 Release:        0
 #
 Source0:        http://dbus.freedesktop.org/releases/dbus/%{_name}-%{version}.tar.gz