diff --git a/librsvg-2.40.17.tar.xz b/librsvg-2.40.17.tar.xz
deleted file mode 100644
index 2d326bf..0000000
--- a/librsvg-2.40.17.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e6f6c5cbecc405bb945c7cd15061276035ae3173bbb3bb25e8a916779c7f69cc
-size 573244
diff --git a/librsvg-2.40.18.tar.xz b/librsvg-2.40.18.tar.xz
new file mode 100644
index 0000000..79ae401
--- /dev/null
+++ b/librsvg-2.40.18.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:bfc8c488c89c1e7212c478beb95c41b44701636125a3e6dab41187f1485b564c
+size 574384
diff --git a/librsvg.changes b/librsvg.changes
index 28b7b65..51800f1 100644
--- a/librsvg.changes
+++ b/librsvg.changes
@@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Thu Jul 20 09:00:14 UTC 2017 - zaitor@opensuse.org
+
+- Update to version 2.40.18 (boo#1049607, CVE-2017-11464):
+  + Fix division-by-zero in the Gaussian blur code (bgo#783835,
+    boo#1049607, CVE-2017-11464).
+  + Fix other cases of division-by-zero on fuzzed SVG files.
+  + Don't crash on invalid transformation matrices.
+  + Support Visual Studio 2017; generate .pc files for Meson on
+    Windows.
+
 -------------------------------------------------------------------
 Mon Apr 10 07:06:52 UTC 2017 - zaitor@opensuse.org
 
diff --git a/librsvg.spec b/librsvg.spec
index e6448ce..7f7501b 100644
--- a/librsvg.spec
+++ b/librsvg.spec
@@ -17,7 +17,7 @@
 
 
 Name:           librsvg
-Version:        2.40.17
+Version:        2.40.18
 Release:        0
 Summary:        A Library for Rendering SVG Data
 License:        LGPL-2.0+ and GPL-2.0+