diff --git a/su-properly-clear-child-PID.patch b/su-properly-clear-child-PID.patch
new file mode 100644
index 0000000..492f1d7
--- /dev/null
+++ b/su-properly-clear-child-PID.patch
@@ -0,0 +1,56 @@
+From dffab154d29a288aa171ff50263ecc8f2e14a891 Mon Sep 17 00:00:00 2001
+From: Karel Zak
+Date: Wed, 1 Feb 2017 11:58:09 +0100
+Subject: [PATCH] su: properly clear child PID
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Reported-by: Tobias Stöckmann
+Signed-off-by: Karel Zak
+---
+ login-utils/su-common.c | 14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/login-utils/su-common.c b/login-utils/su-common.c
+index 5aefd3f..696adc8 100644
+--- a/login-utils/su-common.c
++++ b/login-utils/su-common.c
+@@ -368,6 +368,9 @@ create_watching_parent (void)
+ }
+ else
+ status = WEXITSTATUS (status);
++
++ /* child is gone, don't use the PID anymore */
++ child = (pid_t) -1;
+ }
+ else if (caught_signal)
+ status = caught_signal + 128;
+@@ -377,7 +380,7 @@ create_watching_parent (void)
+ else
+ status = 1;
+
+- if (caught_signal)
++ if (caught_signal && child != (pid_t)-1)
+ {
+ fprintf (stderr, _("\nSession terminated, killing shell..."));
+ kill (child, SIGTERM);
+@@ -387,9 +390,12 @@ create_watching_parent (void)
+
+ if (caught_signal)
+ {
+- sleep (2);
+- kill (child, SIGKILL);
+- fprintf (stderr, _(" ...killed.\n"));
++ if (child != (pid_t)-1)
++ {
++ sleep (2);
++ kill (child, SIGKILL);
++ fprintf (stderr, _(" ...killed.\n"));
++ }
+
+ /* Let's terminate itself with the received signal.
+ *
+--
+2.9.3
+
diff --git a/util-linux.spec b/util-linux.spec
index f6d533b..82a2e3d 100644
--- a/util-linux.spec
+++ b/util-linux.spec
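Review bot: The sentinel chosen in the added `child = (pid_t) -1;` line is also the wildcard that `kill(2)` interprets as "every process the caller may signal", so the comment above it should record why the two new `child != (pid_t)-1` guards exist rather than only that the child is gone, e.g. `/* child reaped: its PID may be reused by another process, and -1 must never reach kill(); both kill() calls below check for it */`. The cast is spelled `(pid_t) -1` in the assignment and `(pid_t)-1` in the two comparisons; one spelling makes the sentinel easier to grep for when the next kill() call is added. The PID appears to be cleared only in the branch where `status` came from `WEXITSTATUS`, so the `caught_signal` branch presumably relies on the child still being alive there; worth confirming against the full function, since `create_watching_parent` both starts and ends outside the quoted hunks. This hunk adds the upstream commit dffab154d29a288aa171ff50263ecc8f2e14a891 verbatim as a patch file, so any wording change belongs upstream rather than in this copy.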
@@ -2,7 +2,7 @@ Summary: A collection of basic system utilities Name: util-linux Version: 2.28.2 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain Group: System Environment/Base URL: http://en.wikipedia.org/wiki/Util-linux @@ -89,6 +89,9 @@ Requires: libfdisk = %{version}-%{release} # 151635 - makeing /var/log/lastlog Patch0: 2.28-login-lastlog-create.patch +# 1418710,1425713 +Patch1: su-properly-clear-child-PID.patch + %description The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among @@ -919,6 +922,9 @@ exit 0 %{_libdir}/python*/site-packages/libmount/* %changelog +* Wed Feb 22 2017 Karel Zak - 2.28.2-2 +- fix CVE-2017-2616 - sending SIGKILL to other processes with root privileges via su + * Wed Sep 7 2016 Karel Zak - 2.28.2-1 - upgrade to stable 2.28.2 http://ftp.kernel.org/pub/linux/utils/util-linux/v2.28/v2.28.2-ReleaseNotes
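Review bot: `Patch1: su-properly-clear-child-PID.patch` is declared in the hunk after `Patch0:`, but nothing in this diff applies it: no `%patch1` line is added and `%prep` is not among the hunks. Unless `%prep` already uses `%autosetup` or `%autopatch` (not visible here), the CVE-2017-2616 fix announced in the new changelog entry would be declared but never applied to the built `su`, so `%prep` should be checked and, if it applies patches individually, gain a `%patch1 -p1` next to wherever `Patch0` is applied. A cheap build-time confirmation is to grep the unpacked tree for `child = (pid_t) -1;` after `%prep` has run. The new comment `# 1418710,1425713` lists only bug numbers; `# 1418710,1425713 - CVE-2017-2616` would let a reader map the patch to the advisory without opening the changelog.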