diff --git a/LibRaw-0.18.2.tar.gz b/LibRaw-0.18.2.tar.gz
deleted file mode 100644
index a1c6145..0000000
--- a/LibRaw-0.18.2.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:ce366bb38c1144130737eb16e919038937b4dc1ab165179a225d5e847af2abc6
-size 1281674
diff --git a/LibRaw-0.18.4.tar.gz b/LibRaw-0.18.4.tar.gz
new file mode 100644
index 0000000..9f84616
--- /dev/null
+++ b/LibRaw-0.18.4.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:eaf4931b46e65861e88bbe704ccf370381e94d63e9a898b889ded4e0cb3b0c97
+size 1281104
diff --git a/libraw-CVE-2017-6887,6886.patch b/libraw-CVE-2017-6887,6886.patch
deleted file mode 100644
index 1670a17..0000000
--- a/libraw-CVE-2017-6887,6886.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From d7c3d2cb460be10a3ea7b32e9443a83c243b2251 Mon Sep 17 00:00:00 2001
-From: Alex Tutubalin <lexa@lexa.ru>
-Date: Sat, 4 Mar 2017 21:27:39 +0300
-Subject: [PATCH] Secunia SA75000 advisory: several buffer overruns
-
----
- dcraw/dcraw.c             | 12 ++++++++++--
- internal/dcraw_common.cpp | 12 ++++++++++--
- 2 files changed, 20 insertions(+), 4 deletions(-)
-
-Index: LibRaw-0.18.2/dcraw/dcraw.c
-===================================================================
---- LibRaw-0.18.2.orig/dcraw/dcraw.c	2017-05-23 10:30:39.264790336 +0200
-+++ LibRaw-0.18.2/dcraw/dcraw.c	2017-05-23 11:15:45.574900958 +0200
-@@ -5841,7 +5841,12 @@ int CLASS parse_tiff_ifd (int base)
- 	if (!strcmp(model,"DSLR-A100") && tiff_ifd[ifd].width == 3872) {
- 	  load_raw = &CLASS sony_arw_load_raw;
- 	  data_offset = get4()+base;
--	  ifd++;  break;
-+	  ifd++;  
-+#ifdef LIBRAW_LIBRARY_BUILD
-+          if (ifd >= sizeof tiff_ifd / sizeof tiff_ifd[0])
-+            throw LIBRAW_EXCEPTION_IO_CORRUPT;
-+#endif  
-+          break; 
- 	}
- 	while (len--) {
- 	  i = ftell(ifp);
-@@ -6005,6 +6010,8 @@ int CLASS parse_tiff_ifd (int base)
- 	break;
-       case 50454:			/* Sinar tag */
-       case 50455:
-+        if (len < 1 || len > 2560000)
-+          break;
- 	if (!(cbuf = (char *) malloc(len))) break;
- 	fread (cbuf, 1, len, ifp);
- 	for (cp = cbuf-1; cp && cp < cbuf+len; cp = strchr(cp,'\n'))
diff --git a/libraw-CVE-2017-6890,6899.patch b/libraw-CVE-2017-6890,6899.patch
deleted file mode 100644
index b9fcaaf..0000000
--- a/libraw-CVE-2017-6890,6899.patch
+++ /dev/null
@@ -1,30 +0,0 @@
---- a/dcraw/dcraw.c
-+++ b/dcraw/dcraw.c
-@@ -319,7 +319,7 @@ void CLASS foveon_huff (ushort *huff)
- void CLASS foveon_dp_load_raw()
- {
-   unsigned c, roff[4], row, col, diff;
--  ushort huff[512], vpred[2][2], hpred[2];
-+  ushort huff[1024], vpred[2][2], hpred[2];
- 
-   fseek (ifp, 8, SEEK_CUR);
-   foveon_huff (huff);
-@@ -346,12 +346,16 @@ void CLASS foveon_dp_load_raw()
- void CLASS foveon_load_camf()
- {
-   unsigned type, wide, high, i, j, row, col, diff;
--  ushort huff[258], vpred[2][2] = {{512,512},{512,512}}, hpred[2];
-+  ushort huff[1024], vpred[2][2] = {{512,512},{512,512}}, hpred[2];
- 
-   fseek (ifp, meta_offset, SEEK_SET);
-   type = get4();  get4();  get4();
-   wide = get4();
-   high = get4();
-+#ifdef LIBRAW_LIBRARY_BUILD
-+  if(wide>32767 || high > 32767 || wide*high > 20000000)
-+     throw LIBRAW_EXCEPTION_IO_CORRUPT;
-+#endif
-   if (type == 2) {
-     fread (meta_data, 1, meta_length, ifp);
-     for (i=0; i < meta_length; i++) {
-
diff --git a/libraw-out-of-bounds-kodak.patch b/libraw-out-of-bounds-kodak.patch
new file mode 100644
index 0000000..9816a2e
--- /dev/null
+++ b/libraw-out-of-bounds-kodak.patch
@@ -0,0 +1,23 @@
+https://github.com/LibRaw/LibRaw/commit/8303e74b0567806dd5f16fc39aab70fe928de1a2
+diff --git a/internal/dcraw_common.cpp b/internal/dcraw_common.cpp
+index 18bcdbcb..8fb2b073 100644
+--- a/internal/dcraw_common.cpp
++++ b/internal/dcraw_common.cpp
+@@ -3240,8 +3240,15 @@ void CLASS kodak_65000_load_raw()
+       len = MIN (256, width-col);
+       ret = kodak_65000_decode (buf, len);
+       for (i=0; i < len; i++)
+-	if ((RAW(row,col+i) =	curve[ret ? buf[i] :
+-		(pred[i & 1] += buf[i])]) >> 12) derror();
++      {
++	int idx = ret ? buf[i] : (pred[i & 1] += buf[i]);
++	if(idx >=0 && idx <= 0xffff)
++	 {
++	   if ((RAW(row,col+i) = curve[idx]) >> 12) derror();
++         }
++	 else
++	   derror();
++      }
+     }
+   }
+ }
diff --git a/libraw.changes b/libraw.changes
index 3068ca3..0e96289 100644
--- a/libraw.changes
+++ b/libraw.changes
@@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Wed Sep 13 10:25:35 UTC 2017 - pgajdos@suse.com
+
+- updated to 0.18.4:
+ * Fix for possible heap overrun in Canon makernotes parser 
+   (CVE-2017-14348)
+ * Fix for CVE-2017-13735
+ * CVE-2017-14265: Additional check for X-Trans CFA pattern data
+- add libraw-out-of-bounds-kodak.patch, upstream bug #101
+- remove libraw-CVE-2017-6887,6886.patch and
+         libraw-CVE-2017-6890,6899.patch:
+  no need to patch dcraw.c, it is not used
+
 -------------------------------------------------------------------
 Tue May 23 06:54:04 UTC 2017 - pgajdos@suse.com
 
diff --git a/libraw.spec b/libraw.spec
index 5161001..36f3d24 100644
--- a/libraw.spec
+++ b/libraw.spec
@@ -21,7 +21,7 @@
 Name:           libraw
 %define lver    16
 %define lname	libraw%{lver}
-Version:        0.18.2
+Version:        0.18.4
 Release:        0
 Summary:        Library for reading RAW files obtained from digital photo cameras
 License:        CDDL-1.0 or LGPL-2.1
@@ -30,8 +30,7 @@ Url:            http://www.libraw.org/
 
 #Git-Clone:	git://github.com/LibRaw/LibRaw
 Source:         http://www.libraw.org/data/%tar_name-%version.tar.gz
-Patch0:         libraw-CVE-2017-6890,6899.patch
-Patch1:         libraw-CVE-2017-6887,6886.patch
+Patch0:         libraw-out-of-bounds-kodak.patch
 BuildRequires:  fdupes
 BuildRequires:  gcc-c++
 BuildRequires:  libjasper-devel
@@ -101,7 +100,6 @@ against LibRaw. LibRaw does not provide dynamic libraries.
 %prep
 %setup -qn %tar_name-%version
 %patch0 -p1
-%patch1 -p1
 
 %build
 export CXXFLAGS="%optflags -fPIC -DUSE_ZLIB"