diff --git a/heimdal-7.3.0-patched.tar.bz2 b/heimdal-7.3.0-patched.tar.bz2
deleted file mode 100644
index be46582..0000000
--- a/heimdal-7.3.0-patched.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:550e99237a823e3aeda6ac25de59b4edafaee8a5eb1769145d0f5c9fce01a672
-size 7458288
diff --git a/heimdal-7.4.0-patched.tar.bz2 b/heimdal-7.4.0-patched.tar.bz2
new file mode 100644
index 0000000..6f07ae1
--- /dev/null
+++ b/heimdal-7.4.0-patched.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f49a302ab803b536dbc2c1c0e33d9b35ab859fc8e8785908d7e1cb1a78afabe0
+size 7457572
diff --git a/heimdal-patched.diff b/heimdal-patched.diff
index fc6546e..d93ab2a 100644
--- a/heimdal-patched.diff
+++ b/heimdal-patched.diff
@@ -4,7 +4,7 @@ diff -uNr heimdal-7.3.0/configure.ac heimdal-7.3.0-patched/configure.ac
 @@ -3,7 +3,6 @@
 AC_PREREQ(2.62)
 test -z "$CFLAGS" && CFLAGS="-g"
- AC_INIT([Heimdal],[7.3.0],[https://github.com/heimdal/heimdal/issues])
+ AC_INIT([Heimdal],[7.4.0],[https://github.com/heimdal/heimdal/issues])
 -AC_CONFIG_SRCDIR([kuser/kinit.c])
 AC_CONFIG_HEADERS(include/config.h)
 AC_CONFIG_MACRO_DIR([cf])
diff --git a/libheimdal.changes b/libheimdal.changes
index a7d091c..e13c3b2 100644
--- a/libheimdal.changes
+++ b/libheimdal.changes
@@ -1,3 +1,21 @@
+-------------------------------------------------------------------
+Thu Aug 03 20:25:45 UTC 2017 - joerg.lorenzen@ki.tng.de
+
+- Update to version 7.4.0
+ - Security
+ - Fix CVE-2017-11103: Orpheus' Lyre KDC-REP service name
+ validation.
+ This is a critical vulnerability.
+ In _krb5_extract_ticket() the KDC-REP service name must be
+ obtained from encrypted version stored in 'enc_part' instead
+ of the unencrypted version stored in 'ticket'.
+ Use of the unecrypted version provides an opportunity for
+ successful server impersonation and other attacks.
+ Identified by Jeffrey Altman, Viktor Duchovni and
+ Nico Williams.
+ See https://www.orpheus-lyre.info/ for more details.
+- Fixed heimdal-patched.diff.
+
 -------------------------------------------------------------------
 Thu Jun 15 20:52:17 UTC 2017 - joerg.lorenzen@ki.tng.de
 
diff --git a/libheimdal.spec b/libheimdal.spec
index bc830ac..06b4860 100644
--- a/libheimdal.spec
+++ b/libheimdal.spec
@@ -20,7 +20,7 @@ Name: libheimdal
 Summary: The Heimdal implementation of the Kerberos 5 protocol
 License: BSD-3-Clause
 Group: Productivity/Networking/Security
-Version: 7.3.0
+Version: 7.4.0
 Release: 0
 Url: http://www.h5l.org
 # patched source can be created with script heimdal-patch-source.sh: