diff --git a/krb5-1.14.2.tar.gz b/krb5-1.14.2.tar.gz
deleted file mode 100644
index 1a1446b..0000000
--- a/krb5-1.14.2.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:275e582261e80c464afd80afd0a880b9abcae011fc64be8b1abd7e4c8433c385
-size 12621899
diff --git a/krb5-1.14.3.tar.gz b/krb5-1.14.3.tar.gz
new file mode 100644
index 0000000..6d8962e
--- /dev/null
+++ b/krb5-1.14.3.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:cd4620d520cf0df0dd8791309912df2bb20fcba76790b9fba4e25c1da08ff2c9
+size 12279888
diff --git a/krb5-1.14.3.tar.gz.asc b/krb5-1.14.3.tar.gz.asc
new file mode 100644
index 0000000..389755e
--- /dev/null
+++ b/krb5-1.14.3.tar.gz.asc
@@ -0,0 +1,14 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQGcBAABAgAGBQJXj/41AAoJEKMvF/0AVcMFKWkMAIpdTej1sku6sIm39+NjaTDr
+1tPTdRFtX5zb7hFlv4PelZzMWNtylbKmD1WgriTcJ9AGvKY5IexbYrHreEbvHr3s
+hlcnXxhKy4TXWqRyEHQ20K0n2fJYLwJBSVKFM9joCOmfuj2BWPqhh1UxHnNlTsjQ
+k9q1T9iDY2hEiHlIrvLRjiTEZBr/ldr1fzkuAflyDg/7FydjLgl9Jm1HPU08Hofz
+dLh+ozy6hsNTbteTBsngm51iFKSETr5Ugxxba7nXZ7KVaruCawjixDzfQRXgEuh2
+dHAJd6vVOixGcDOxDOSVTy/LaMqERC5K/qc0X2ubjwbPZn798919+szJ90jZwA2j
+19aqxGkOxfHi3LUponAXZ1kgPUbN2x7FIe1byowwnXnAX7i4DJ3HgxWkn5dWnRX3
+ntFsQb5D0YFul5PApXYLpjACQt0gu+WNAwOYDQxSISRkMU5L2yXw7E32qSMdR7j7
+AWZzE8XXuhl8LN/UPxj7+1zOftCOv7xcKtQJgL6Quw==
+=QiOC
+-----END PGP SIGNATURE-----
diff --git a/krb5-mini.changes b/krb5-mini.changes
index b56f077..8a561d2 100644
--- a/krb5-mini.changes
+++ b/krb5-mini.changes
@@ -1,3 +1,15 @@
+-------------------------------------------------------------------
+Fri Jul 22 08:45:19 UTC 2016 - michael@stroeder.com
+
+- Upgrade from 1.14.2 to 1.14.3:
+  * Improve some error messages
+  * Improve documentation
+  * Allow a principal with nonexistent policy to bypass the minimum
+    password lifetime check, consistent with other aspects of
+    nonexistent policies
+  * Fix a rare KDC denial of service vulnerability when anonymous client
+    principals are restricted to obtaining TGTs only [CVE-2016-3120]
+  
 ------------------------------------------------------------------
 Tue May 10 12:41:14 UTC 2016 - hguo@suse.com
 
diff --git a/krb5-mini.spec b/krb5-mini.spec
index 9ec4873..d7b86da 100644
--- a/krb5-mini.spec
+++ b/krb5-mini.spec
@@ -16,7 +16,7 @@
 #
 
 
-%define srcRoot krb5-1.14.2
+%define srcRoot krb5-1.14.3
 %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/
 %define krb5docdir  %{_defaultdocdir}/krb5
 
@@ -29,7 +29,7 @@ BuildRequires:  keyutils-devel
 BuildRequires:  libcom_err-devel
 BuildRequires:  libselinux-devel
 BuildRequires:  ncurses-devel
-Version:        1.14.2
+Version:        1.14.3
 Release:        0
 Summary:        MIT Kerberos5 implementation and libraries with minimal dependencies
 License:        MIT
@@ -48,10 +48,11 @@ Conflicts:      krb5-plugin-kdb-ldap
 Conflicts:      krb5-plugin-preauth-pkinit
 Conflicts:      krb5-plugin-preauth-otp
 # both tar.gz and .tar.gz.asc extracted from the http://web.mit.edu/kerberos/dist/krb5/1.13/krb5-1.13.2-signed.tar
-Source:         krb5-%{version}.tar.gz
-Source43:       krb5.keyring
-Source1:        vendor-files.tar.bz2
-Source2:        baselibs.conf
+Source0:        krb5-%{version}.tar.gz
+Source1:        krb5-%{version}.tar.gz.asc
+Source2:        krb5.keyring
+Source3:        vendor-files.tar.bz2
+Source4:        baselibs.conf
 Source5:        krb5-rpmlintrc
 Patch1:         krb5-1.12-pam.patch
 Patch2:         krb5-1.9-manpaths.dif
@@ -97,7 +98,7 @@ Include Files for Development
 
 %prep
 %setup -q -n %{srcRoot}
-%setup -a 1 -T -D -n %{srcRoot}
+%setup -a 3 -T -D -n %{srcRoot}
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
@@ -128,19 +129,20 @@ DEFCCNAME=DIR:/run/user/%%{uid}/krb5cc; export DEFCCNAME
 	--libexecdir=/usr/lib/mit/sbin \
 	--libdir=%{_libdir} \
 	--includedir=%{_includedir} \
-        --localstatedir=%{_localstatedir}/lib/kerberos \
-        --localedir=%{_datadir}/locale \
+    --localstatedir=%{_localstatedir}/lib/kerberos \
+    --localedir=%{_datadir}/locale \
 	--enable-shared \
 	--disable-static \
-        --enable-dns-for-realm \
-        --disable-rpath \
-        --disable-pkinit \
-        --without-pam \
-        --with-selinux \
-        --with-system-et \
-        --with-system-ss \
-        --with-system-verto
-%{__make} %{?_smp_mflags}
+    --enable-dns-for-realm \
+    --disable-rpath \
+    --disable-pkinit \
+    --without-pam \
+    --with-selinux \
+    --with-system-et \
+    --with-system-ss \
+    --with-system-verto
+
+make %{?_smp_mflags}
 
 # Copy kadmin manual page into kadmin.local's due to the split between client and server package
 cp man/kadmin.man man/kadmin.local.8
diff --git a/krb5.changes b/krb5.changes
index 2599987..76dea70 100644
--- a/krb5.changes
+++ b/krb5.changes
@@ -1,3 +1,15 @@
+-------------------------------------------------------------------
+Fri Jul 22 08:45:19 UTC 2016 - michael@stroeder.com
+
+- Upgrade from 1.14.2 to 1.14.3:
+  * Improve some error messages
+  * Improve documentation
+  * Allow a principal with nonexistent policy to bypass the minimum
+    password lifetime check, consistent with other aspects of
+    nonexistent policies
+  * Fix a rare KDC denial of service vulnerability when anonymous client
+    principals are restricted to obtaining TGTs only [CVE-2016-3120]
+  
 -------------------------------------------------------------------
 Sat Jul  2 11:38:54 UTC 2016 - idonmez@suse.com
 
diff --git a/krb5.spec b/krb5.spec
index ea0da4c..79af43b 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -25,7 +25,7 @@ BuildRequires:  keyutils-devel
 BuildRequires:  libcom_err-devel
 BuildRequires:  libselinux-devel
 BuildRequires:  ncurses-devel
-Version:        1.14.2
+Version:        1.14.3
 Release:        0
 Summary:        MIT Kerberos5 Implementation--Libraries
 License:        MIT
@@ -47,10 +47,11 @@ Obsoletes:      krb5-64bit
 %endif
 Conflicts:      krb5-mini
 # both tar.gz and .tar.gz.asc extracted from the http://web.mit.edu/kerberos/dist/krb5/1.13/krb5-1.13.2-signed.tar
-Source:         krb5-%{version}.tar.gz
-Source43:       krb5.keyring
-Source1:        vendor-files.tar.bz2
-Source2:        baselibs.conf
+Source0:        krb5-%{version}.tar.gz
+Source1:        krb5-%{version}.tar.gz.asc
+Source2:        krb5.keyring
+Source3:        vendor-files.tar.bz2
+Source4:        baselibs.conf
 Source5:        krb5-rpmlintrc
 Patch1:         krb5-1.12-pam.patch
 Patch2:         krb5-1.9-manpaths.dif
@@ -167,7 +168,7 @@ Include Files for Development
 
 %prep
 %setup -q -n %{srcRoot}
-%setup -a 1 -T -D -n %{srcRoot}
+%setup -a 3 -T -D -n %{srcRoot}
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
@@ -198,23 +199,25 @@ DEFCCNAME=DIR:/run/user/%%{uid}/krb5cc; export DEFCCNAME
 	--libexecdir=/usr/lib/mit/sbin \
 	--libdir=%{_libdir} \
 	--includedir=%{_includedir} \
-        --localstatedir=%{_localstatedir}/lib/kerberos \
-        --localedir=%{_datadir}/locale \
+    --localstatedir=%{_localstatedir}/lib/kerberos \
+    --localedir=%{_datadir}/locale \
 	--enable-shared \
 	--disable-static \
-        --enable-dns-for-realm \
-        --disable-rpath \
-        --with-ldap \
-        --with-pam \
-        --enable-pkinit \
-        --with-pkinit-crypto-impl=openssl \
-        --with-selinux \
-        --with-system-et \
-        --with-system-ss \
-        --with-system-verto
-%{__make} %{?_smp_mflags}
+    --enable-dns-for-realm \
+    --disable-rpath \
+    --with-ldap \
+    --with-pam \
+    --enable-pkinit \
+    --with-pkinit-crypto-impl=openssl \
+    --with-selinux \
+    --with-system-et \
+    --with-system-ss \
+    --with-system-verto
+
+make %{?_smp_mflags}
+
 cd doc
-make %{?jobs:-j%jobs} substhtml
+make %{?_smp_mflags} substhtml
 cp -a html_subst ../../html
 cd ..