diff --git a/_service b/_service
index 15e10ec..665868d 100644
--- a/_service
+++ b/_service
@@ -4,7 +4,7 @@
git
disable
.git
- v14.1.2
+ v14.1.3
@PARENT_TAG@
enable
v(.*)
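Review bot: The changed revision line names the tag v14.1.3 rather than a commit id, so what the service fetches depends on where that tag points upstream at the time it runs. For a security update, check that the tag resolves to the commit recorded in _servicedata and teleport.obsinfo (748fa4e13472fbf93bc0d4833c5647bc82e7fbf4) before accepting the request.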
diff --git a/_servicedata b/_servicedata
index 3ab2553..a10c921 100644
--- a/_servicedata
+++ b/_servicedata
@@ -1,4 +1,4 @@
https://github.com/gravitational/teleport
- 47a97d98c1ea8c44d954e3508064f89fce6c3f8f
\ No newline at end of file
+ 748fa4e13472fbf93bc0d4833c5647bc82e7fbf4
\ No newline at end of file
diff --git a/teleport-14.1.2.obscpio b/teleport-14.1.2.obscpio
deleted file mode 100644
index b8d2134..0000000
--- a/teleport-14.1.2.obscpio
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f57d6b4254ce60c3c09c677e457aa30f99f6b377968410aa512ac22c9fde58c4
-size 257082382
diff --git a/teleport-14.1.3.obscpio b/teleport-14.1.3.obscpio
new file mode 100644
index 0000000..2b60021
--- /dev/null
+++ b/teleport-14.1.3.obscpio
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:61da350436bc0db3c9b0b9d5446ea00ca73fbe2804ed7c75b64c7be4b7b7104b
+size 257082382
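Review bot: The size field in the new pointer, 257082382, is identical to the one in the removed teleport-14.1.2.obscpio pointer, although the oid differs and the changelog lists source changes. An unchanged archive size across two releases is possible but unusual, so confirm the LFS object was regenerated from commit 748fa4e13472fbf93bc0d4833c5647bc82e7fbf4 and that its actual length and sha256 match this pointer.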
diff --git a/teleport.changes b/teleport.changes
index feb2fdc..2df152d 100644
--- a/teleport.changes
+++ b/teleport.changes
@@ -1,3 +1,64 @@
+-------------------------------------------------------------------
+Thu Nov 16 14:24:38 UTC 2023 - kastl@b1-systems.de
+
+- Update to version 14.1.3:
+ * Security Fixes
+ - [Medium] Arbitrary code execution with LD_PRELOAD and SFTP
+ Teleport implements SFTP using a subcommand. Prior to this
+ release it was possible to inject environment variables into
+ the execution of this subcommand, via shell init scripts or
+ via the SSH environment request.
+ This is addressed by preventing LD_PRELOAD and other
+ dangerous environment variables from being forwarded during
+ re-exec.
+ * [Medium] Outbound SSH from Proxy can lead to IP spoofing
+ If the Teleport auth or proxy services are configured to
+ accept PROXY protocol headers, a malicious actor can use this
+ to spoof their IP address.
+ This is addressed by requiring that the first bytes of any
+ SSH connection are the SSH protocol prefix, denying a
+ malicious actor the opportunity to send their own proxy
+ headers.
+ * Other Fixes & Improvements
+ - Fixed issue where tbot would select the wrong address for
+ Kubernetes Access when in ports separate mode #34283
+ - Added post-review state of Access Request in audit log
+ description #34213
+ - Updated Operator Reconciliation to skip Teleport Operator on
+ status updates #34194
+ - Updated Kube Agent Auto-Discovery to install the Teleport
+ version provided by Automatic Upgrades #34157
+ - Updated Server Auto-Discovery installer script to use bash
+ instead of sh #34144
+ - When a promotable Access Request targets a resource that
+ belongs to an Access List, owners of that list will now
+ automatically be added as reviewers. #34131
+ - Added Database Automatic User Provisioning support for
+ Redshift #34126
+ - Added teleport_auth_type config parameter to the AWS
+ Terraform examples #34124
+ - Fixed issue where an auto-provisioned PostgreSQL user may
+ keep old roles indefinitely #34121
+ - Fixed incorrectly set file mode for Windows TPM files #34113
+ - Added dynamic credential reloading for access plugins #34079
+ - Fixed Azure Identity federated Application ID #33960
+ - Fixed issue where Kubernetes Audit Events reported incorrect
+ information in the exec audit #33950
+ - Added support for formatting hostname as host:port to tsh
+ puttyconfig #33883
+ - Added support for --set-context-name to tsh proxy kube
+ - Fixed various Access List bookkeeping issues #33834
+ - Fixed issue where tsh aws ecs execute-command would always
+ fail #33833
+ - Updated UI to automatically redirect to login page on missing
+ session cookie #33806
+ - Added Dynamic Discovery matching for Databases #33693
+ - Fixed formatting errors on empty result sets in tsh #33633
+ - Added Database Automatic User Provisioning support for
+ MariaDB #34256
+ - Fixed issue where MySQL auto-user deletion fails on usernames
+ with quotes #34304
+
-------------------------------------------------------------------
Thu Nov 09 06:48:36 UTC 2023 - kastl@b1-systems.de
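Review bot: In the Security Fixes block the second entry, "* [Medium] Outbound SSH from Proxy can lead to IP spoofing", is bulleted with "*" while the first uses "-", so it reads as a sibling of "Security Fixes" instead of an item under it; use "- [Medium] ..." for both. Neither security entry carries a CVE, advisory or bug reference, which makes the fixes hard to track downstream; add the identifiers if any have been assigned. The "--set-context-name to tsh proxy kube" entry is also the only one in the list without a pull request number.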
diff --git a/teleport.obsinfo b/teleport.obsinfo
index 31183cb..122b7c5 100644
--- a/teleport.obsinfo
+++ b/teleport.obsinfo
@@ -1,4 +1,4 @@
name: teleport
-version: 14.1.2
-mtime: 1699479548
-commit: 47a97d98c1ea8c44d954e3508064f89fce6c3f8f
+version: 14.1.3
+mtime: 1699485178
+commit: 748fa4e13472fbf93bc0d4833c5647bc82e7fbf4
diff --git a/teleport.spec b/teleport.spec
index 25113ec..aed15c0 100644
--- a/teleport.spec
+++ b/teleport.spec
@@ -19,7 +19,7 @@
%define __arch_install_post export NO_BRP_STRIP_DEBUG=true
Name: teleport
-Version: 14.1.2
+Version: 14.1.3
Release: 0
Summary: Identity-aware, multi-protocol access proxy
License: Apache-2.0
diff --git a/vendor.tar.gz b/vendor.tar.gz
index 72993f8..31510ba 100644
--- a/vendor.tar.gz
+++ b/vendor.tar.gz
@@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
-oid sha256:de0295ba1aca450550fa2423c5ebe248f0700011298e1dbf709b48f4b359d783
-size 39643323
+oid sha256:cb42b2dc64b3ae449fb4f448a9b098fd7cf5798a67083e32eac6756ef7b71868
+size 39644500
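Review bot: The vendored dependency archive changes here (new oid, size 39643323 to 39644500), but the teleport.changes entry does not mention any dependency update. Because the vendor tree is opaque in this diff, note in the changelog or the request description that it was regenerated from the pinned v14.1.3 commit, and verify the archive's sha256 against this pointer.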