diff --git a/sudo-1.9.4p2.tar.gz b/sudo-1.9.4p2.tar.gz deleted file mode 100644 index 7d5d7e3..0000000 --- a/sudo-1.9.4p2.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:c34af1fa79d40d0869e4010bdd64005290ea2e1ba35638ef07fcc684c4470f64 -size 3994184 diff --git a/sudo-1.9.4p2.tar.gz.sig b/sudo-1.9.4p2.tar.gz.sig deleted file mode 100644 index 750b73d..0000000 Binary files a/sudo-1.9.4p2.tar.gz.sig and /dev/null differ diff --git a/sudo-1.9.5p1.tar.gz b/sudo-1.9.5p1.tar.gz new file mode 100644 index 0000000..3ef430b --- /dev/null +++ b/sudo-1.9.5p1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:4dddf37c22653defada299e5681e0daef54bb6f5fc950f63997bb8eb966b7882 +size 4008926 diff --git a/sudo-1.9.5p1.tar.gz.sig b/sudo-1.9.5p1.tar.gz.sig new file mode 100644 index 0000000..f99c3f1 Binary files /dev/null and b/sudo-1.9.5p1.tar.gz.sig differ diff --git a/sudo.changes b/sudo.changes index 356b2aa..e8894b4 100644 --- a/sudo.changes +++ b/sudo.changes 
@@ -1,3 +1,63 @@ +------------------------------------------------------------------- +Thu Jan 14 08:54:04 UTC 2021 - Kristyna Streitova + +- Update to 1.9.5.p1 + * Fixed a regression introduced in sudo 1.9.5 where the editor run + by sudoedit was set-user-ID root unless SELinux RBAC was in use. + The editor is now run with the user's real and effective user-IDs. + +- News in 1.9.5 + * Fixed a crash introduced in 1.9.4 when running "sudo -i" as an + unknown user. This is related to but distinct from Bug #948. + * If the "lecture_file" setting is enabled in sudoers, it must now + refer to a regular file or a symbolic link to a regular file. + * Fixed a potential use-after-free bug in sudo_logsrvd when the + server shuts down if there are existing connections from clients + that are only logging events and not session I/O data. + * Fixed a buffer size mismatch when serializing the list of IP + addresses for configured network interfaces. This bug is not + actually exploitable since the allocated buffer is large enough + to hold the list of addresses. + * If sudo is executed with a name other than "sudo" or "sudoedit", + it will now fall back to "sudo" as the program name. This affects + warning, help and usage messages as well as the matching of Debug + lines in the /etc/sudo.conf file. Previously, it was possible + for the invoking user to manipulate the program name by setting + argv[0] to an arbitrary value when executing sudo. + * Sudo now checks for failure when setting the close-on-exec flag + on open file descriptors. This should never fail but, if it + were to, there is the possibility of a file descriptor leak to + a child process (such as the command sudo runs). + * Fixed CVE-2021-23239, a potential information leak in sudoedit + that could be used to test for the existence of directories not + normally accessible to the user in certain circumstances. 
When + creating a new file, sudoedit checks to make sure the parent + directory of the new file exists before running the editor. + However, a race condition exists if the invoking user can replace + (or create) the parent directory. If a symbolic link is created + in place of the parent directory, sudoedit will run the editor + as long as the target of the link exists. If the target of the + link does not exist, an error message will be displayed. The + race condition can be used to test for the existence of an + arbitrary directory. However, it _cannot_ be used to write to + an arbitrary location. + * Fixed CVE-2021-23240, a flaw in the temporary file handling of + sudoedit's SELinux RBAC support. On systems where SELinux is + enabled, a user with sudoedit permissions may be able to set the + owner of an arbitrary file to the user-ID of the target user. + On Linux kernels that support "protected symlinks", setting + /proc/sys/fs/protected_symlinks to 1 will prevent the bug from + being exploited. For more information see + https://www.sudo.ws/alerts/sudoedit_selinux.html. + * Added writability checks for sudoedit when SELinux RBAC is in use. + This makes sudoedit behavior consistent regardless of whether + or not SELinux RBAC is in use. Previously, the "sudoedit_checkdir" + setting had no effect for RBAC entries. + * A new sudoers option "selinux" can be used to disable sudo's + SELinux RBAC support. + * Quieted warnings from PVS Studio, clang analyzer, and cppcheck. + Added suppression annotations for PVS Studio false positives. + ------------------------------------------------------------------- Mon Dec 21 17:13:59 UTC 2020 - Kristyna Streitova diff --git a/sudo.spec b/sudo.spec index 1dc0b90..7e95d2b 100644 --- a/sudo.spec +++ b/sudo.spec 
@@ -1,7 +1,7 @@ # # spec file for package sudo # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -22,7 +22,7 @@ %define use_usretc 1 %endif Name: sudo -Version: 1.9.4p2 +Version: 1.9.5p1 Release: 0 Summary: Execute some commands as root License: ISC
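Review bot: the sudo-1.9.5p1.tar.gz hunk records only a git-lfs pointer (a new oid sha256 and size 4008926), and sudo-1.9.5p1.tar.gz.sig changes as an opaque binary file, so nothing in the diff shows that the new tarball was checked against the upstream signature. Please confirm that the detached signature verifies against the upstream signing key and that the oid matches the checksum upstream publishes for 1.9.5p1, since this update carries the fixes for CVE-2021-23239 and CVE-2021-23240.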
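Review bot: in the sudo.changes entry, CVE-2021-23239 and CVE-2021-23240 appear only deep inside the "News in 1.9.5" bullets with no tracker reference next to them, and the headline reads "Update to 1.9.5.p1" while the tarball name and the spec use 1.9.5p1. Suggest correcting the headline to 1.9.5p1 and listing both CVE ids, with their bug tracker references, directly under it so the security content of the update is visible without reading the full upstream news. The CVE-2021-23240 bullet also states that setting /proc/sys/fs/protected_symlinks to 1 prevents exploitation on kernels that support protected symlinks; that sentence should stay as it is, because it is the only interim mitigation the entry gives.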
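Review bot: the sudo.spec hunks change only the copyright year and "Version: 1.9.5p1", while the changelog added in the same diff lists behaviour changes in 1.9.5 (lecture_file must now refer to a regular file or a symlink to one, a new "selinux" sudoers option, writability checks for sudoedit now applying when SELinux RBAC is in use). Please confirm that no patch or default configuration carried by the package needs adjusting for these, and state that in the changelog entry if so.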