diff --git a/apache2.changes b/apache2.changes index 3105dce..e4e297d 100644 --- a/apache2.changes +++ b/apache2.changes 
@@ -1,3 +1,49 @@ +------------------------------------------------------------------- +Tue Oct 19 17:16:16 UTC 2010 - poeml@cmdline.net + +- update to 2.2.17: + SECURITY: CVE-2010-1623 (cve.mitre.org) + Fix a denial of service attack against apr_brigade_split_line(). + [Actual fix is in the libapr 1.3 line, which we don't use // poeml] + SECURITY: CVE-2009-3560, CVE-2009-3720 (cve.mitre.org) + Fix two buffer over-read flaws in the bundled copy of expat which could + cause applications to crash while parsing specially-crafted XML documents. + [We build with system expat library // poeml] + prefork MPM: Run cleanups for final request when process exits gracefully + to work around a flaw in apr-util. PR 43857 + core: + - check symlink ownership if both FollowSymlinks and + SymlinksIfOwnerMatch are set + - fix origin checking in SymlinksIfOwnerMatch PR 36783 + - (re)-introduce -T commandline option to suppress documentroot + check at startup. PR 41887 + vhost: + - A purely-numeric Host: header should not be treated as a port. PR 44979 + rotatelogs: + - Fix possible buffer overflow if admin configures a + mongo log file path. + Proxy balancer: support setting error status according to HTTP response + code from a backend. PR 48939. + mod_authnz_ldap: + - If AuthLDAPCharsetConfig is set, also convert the + password to UTF-8. PR 45318. + mod_dir, mod_negotiation: + - Pass the output filter information to newly created sub requests; as these + are later on used as true requests with an internal redirect. This allows + for mod_cache et.al. to trap the results of the redirect. PR 17629, 43939 + mod_headers: + - Enable multi-match-and-replace edit option PR 46594 + mod_log_config: + - Make ${cookie}C correctly match whole cookie names + instead of substrings. PR 28037. + mod_reqtimeout: + - Do not wrongly enforce timeouts for mod_proxy's backend + connections and other protocol handlers (like mod_ftp). Enforce the + timeout for AP_MODE_GETLINE. 
If there is a timeout, shorten the lingering + close time from 30 to 2 seconds. + mod_ssl: + - Do not do overlapping memcpy. PR 45444 + ------------------------------------------------------------------- Tue Oct 5 18:25:39 UTC 2010 - cristian.rodriguez@opensuse.org diff --git a/apache2.spec b/apache2.spec index 28908dc..6af0f30 100644 --- a/apache2.spec +++ b/apache2.spec @@ -1,5 +1,5 @@ # -# spec file for package apache2 (Version 2.2.16) +# spec file for package apache2 (Version 2.2.11) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -67,9 +67,9 @@ BuildRequires: expat-devel %define platform_string Linux/%VENDOR License: ASLv.. Group: Productivity/Networking/Web/Servers -%define realver 2.2.16 -Version: 2.2.16 -Release: 2 +%define realver 2.2.17 +Version: 2.2.17 +Release: 1 #Source0: http://www.apache.org/dist/httpd-%{version}.tar.bz2 Source0: http://httpd.apache.org/dev/dist/httpd-%{realver}.tar.bz2 # Add file to take mtime from it in prep section diff --git a/httpd-2.2.16.tar.bz2 b/httpd-2.2.16.tar.bz2 deleted file mode 100644 index fb3033a..0000000 --- a/httpd-2.2.16.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:9457d57a6bea15ce5bde83c88803c030953b99bdd0fbae65854adff527ed4c52 -size 4775545 diff --git a/httpd-2.2.17.tar.bz2 b/httpd-2.2.17.tar.bz2 new file mode 100644 index 0000000..494bfc2 --- /dev/null +++ b/httpd-2.2.17.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:868af11e3ed8fa9aade15241ea4f51971b3ef71104292ca2625ef2065e61fb04 +size 4951247
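Review bot: In the apache2.changes entry, the two SECURITY items read as if this update resolves CVE-2010-1623, CVE-2009-3560 and CVE-2009-3720, but the bracketed remarks say the apr_brigade_split_line() fix is in the libapr 1.3 line "which we don't use" and that the package builds with the system expat library. Someone tracking CVE status from the changelog could mark all three as fixed by this package. Suggest saying explicitly that these are not fixed by this build and stating which libapr and expat packages carry the fixes, or that they still need them.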
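Review bot: The header comment in the first apache2.spec hunk changes from "(Version 2.2.16)" to "(Version 2.2.11)", while the next hunk sets realver and Version to 2.2.17. The comment should read "# spec file for package apache2 (Version 2.2.17)" so that it matches the version being packaged.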
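Review bot: In the second apache2.spec hunk, the active Source0 is a plain http:// URL under httpd.apache.org/dev/dist/, while the commented-out Source0 points at www.apache.org/dist, and no detached signature is listed as a Source in the visible lines. The new httpd-2.2.17.tar.bz2 is therefore pinned only by the git-lfs oid sha256 added in this patch. Suggest adding the upstream signature file as an additional Source and verifying it during the build, and confirming that the tarball behind the recorded oid is the released 2.2.17 artifact.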