diff --git a/mbedtls-1.3.16-gpl.tgz b/mbedtls-1.3.16-gpl.tgz
deleted file mode 100644
index 4a50f3e..0000000
--- a/mbedtls-1.3.16-gpl.tgz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f413146c177c52d4ad8f48015e2fb21dd3a029ca30a2ea000cbc4f9bd092c933
-size 1760112
diff --git a/mbedtls-1.3.17-gpl.tgz b/mbedtls-1.3.17-gpl.tgz
new file mode 100644
index 0000000..72f3ac9
--- /dev/null
+++ b/mbedtls-1.3.17-gpl.tgz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f5beb43e850283915e3e0f8d37495eade3bfb5beedfb61e7b8da70d4c68edb82
+size 1766596
diff --git a/mbedtls.changes b/mbedtls.changes
index ec0d435..04113b5 100644
--- a/mbedtls.changes
+++ b/mbedtls.changes
@@ -1,3 +1,36 @@
+-------------------------------------------------------------------
+Thu Jul 14 12:00:56 UTC 2016 - mpluskal@suse.com
+
+- Update to version 1.3.17 (boo#988956):
+	* Security
+    + Fix missing padding length check in 
+      mbedtls_rsa_rsaes_pkcs1_v15_decrypt required by PKCS1 v2.2
+    + Fix a potential integer underflow to buffer overread in 
+      mbedtls_rsa_rsaes_oaep_decrypt. It is not triggerable 
+      remotely in SSL/TLS.
+    + Fix potential integer overflow to buffer overflow in 
+      mbedtls_rsa_rsaes_pkcs1_v15_encrypt and 
+      mbedtls_rsa_rsaes_oaep_encrypt
+  * Bugfix
+    + Fix bug in mbedtls_mpi_add_mpi() that caused wrong results 
+      when the three arguments where the same (in-place doubling). 
+      Found and fixed by Janos Follath. #309
+    + Fix issue in Makefile that prevented building using armar.
+    + Fix issue that caused a hang up when generating RSA keys of 
+      odd bitlength
+    + Fix bug in mbedtls_rsa_rsaes_pkcs1_v15_encrypt that made 
+      null pointer dereference possible.
+    + Fix issue that caused a crash if invalid curves were passed 
+      to mbedtls_ssl_conf_curves. #373
+    * Changes
+      + On ARM platforms, when compiling with -O0 with GCC, Clang or 
+        armcc5, don't use the optimized assembly for bignum 
+        multiplication. This removes the need to pass 
+        -fomit-frame-pointer to avoid a build error with -O0.
+      + Disabled SSLv3 in the default configuration.
+      + Fix non-compliance server extension handling. Extensions for 
+        SSLv3 are now ignored, as required by RFC6101.
+
 -------------------------------------------------------------------
 Sun Jan 10 13:08:11 UTC 2016 - mpluskal@suse.com
 
diff --git a/mbedtls.spec b/mbedtls.spec
index d7b39d7..c68adc8 100644
--- a/mbedtls.spec
+++ b/mbedtls.spec
@@ -18,7 +18,7 @@
 
 %define lib_name lib%{name}9
 Name:           mbedtls
-Version:        1.3.16
+Version:        1.3.17
 Release:        0
 Summary:        Open Source embedded SSL/TLS cryptographic library
 License:        GPL-2.0+
@@ -27,7 +27,7 @@ Url:            https://tls.mbed.org
 Source:         https://tls.mbed.org/download/%{name}-%{version}-gpl.tgz
 Source99:       baselibs.conf
 BuildRequires:  cmake
-BuildRequires:  pkg-config
+BuildRequires:  pkgconfig
 BuildRequires:  zlib-devel
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
@@ -76,7 +76,6 @@ export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:%{_builddir}/%{name}-%{version}/build/li
 make -C build test %{?_smp_mflags}
 
 %post -n %{lib_name} -p /sbin/ldconfig
-
 %postun -n %{lib_name}  -p /sbin/ldconfig
 
 %files devel