diff --git a/SOURCES/0087-findmnt-fix-target-behaviour.patch b/SOURCES/0087-findmnt-fix-target-behaviour.patch
new file mode 100644
index 0000000..289e599
--- /dev/null
+++ b/SOURCES/0087-findmnt-fix-target-behaviour.patch
@@ -0,0 +1,106 @@
+From fbdd962ca187399cab3b0bf78d740e5fb304e0bf Mon Sep 17 00:00:00 2001
+From: Karel Zak <kzak@redhat.com>
+Date: Fri, 16 Dec 2016 12:19:32 +0100
+Subject: [PATCH] findmnt: fix --target behaviour
+
+Upstream: https://github.com/karelzak/util-linux/commit/80c31a0b596125b387c6b27c899e8bad4e46680b
+Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1405238
+Signed-off-by: Karel Zak <kzak@redhat.com>
+---
+ libmount/src/mountP.h |  1 +
+ libmount/src/tab.c    |  4 ++++
+ libmount/src/utils.c  |  9 +++++++++
+ misc-utils/findmnt.c  | 10 +++-------
+ 4 files changed, 17 insertions(+), 7 deletions(-)
+
+diff --git a/libmount/src/mountP.h b/libmount/src/mountP.h
+index 7b0848f..6cabced 100644
+--- a/libmount/src/mountP.h
++++ b/libmount/src/mountP.h
+@@ -164,6 +164,7 @@ extern int mnt_get_filesystems(char ***filesystems, const char *pattern);
+ extern void mnt_free_filesystems(char **filesystems);
+ 
+ extern char *mnt_get_kernel_cmdline_option(const char *name);
++extern int mnt_stat_mountpoint(const char *target, struct stat *st);
+ 
+ /* tab.c */
+ extern int mnt_table_set_parser_fltrcb(	struct libmnt_table *tb,
+diff --git a/libmount/src/tab.c b/libmount/src/tab.c
+index 10ee7ce..5628da6 100644
+--- a/libmount/src/tab.c
++++ b/libmount/src/tab.c
+@@ -528,6 +528,7 @@ struct libmnt_fs *mnt_table_find_mountpoint(struct libmnt_table *tb,
+ 					    int direction)
+ {
+ 	char *mnt;
++	struct stat st;
+ 
+ 	if (!tb || !path || !*path)
+ 		return NULL;
+@@ -536,6 +537,9 @@ struct libmnt_fs *mnt_table_find_mountpoint(struct libmnt_table *tb,
+ 
+ 	DBG(TAB, mnt_debug_h(tb, "lookup MOUNTPOINT: '%s'", path));
+ 
++	if (mnt_stat_mountpoint(path, &st))
++		return NULL;
++
+ 	mnt = strdup(path);
+ 	if (!mnt)
+ 		return NULL;
+diff --git a/libmount/src/utils.c b/libmount/src/utils.c
+index c13fb96..5c374b4 100644
+--- a/libmount/src/utils.c
++++ b/libmount/src/utils.c
+@@ -104,6 +104,15 @@ static int fstype_cmp(const void *v1, const void *v2)
+ 	return strcmp(s1, s2);
+ }
+ 
++int mnt_stat_mountpoint(const char *target, struct stat *st)
++{
++#ifdef AT_NO_AUTOMOUNT
++	return fstatat(-1, target, st, AT_NO_AUTOMOUNT);
++#else
++	return stat(target, st);
++#endif
++}
++
+ /* returns basename and keeps dirname in the @path, if @path is "/" (root)
+  * then returns empty string */
+ char *stripoff_last_component(char *path)
+diff --git a/misc-utils/findmnt.c b/misc-utils/findmnt.c
+index fe899db..79ef12e 100644
+--- a/misc-utils/findmnt.c
++++ b/misc-utils/findmnt.c
+@@ -239,16 +239,15 @@ static void set_source_match(const char *data)
+ /* @tb has to be from kernel (so no fstab or so)! */
+ static void enable_extra_target_match(struct libmnt_table *tb)
+ {
+-	char *cn = NULL;
+-	const char *tgt = NULL, *mnt = NULL;
++	const char *tgt, *mnt = NULL;
+ 	struct libmnt_fs *fs;
+ 
+ 	/*
+ 	 * Check if match pattern is mountpoint, if not use the
+ 	 * real mountpoint.
+ 	 */
+-	cn = mnt_resolve_path(get_match(COL_TARGET), cache);
+-	if (!cn)
++	tgt = mnt_resolve_path(get_match(COL_TARGET), cache);
++	if (!tgt)
+ 		return;
+ 
+ 	fs = mnt_table_find_mountpoint(tb, tgt, MNT_ITER_BACKWARD);
+@@ -256,9 +255,6 @@ static void enable_extra_target_match(struct libmnt_table *tb)
+ 		mnt = mnt_fs_get_target(fs);
+ 	if (mnt && strcmp(mnt, tgt) != 0)
+ 		set_match(COL_TARGET, xstrdup(mnt));	/* replace the current setting */
+-
+-	/* replace the current setting with the real mountpoint */
+-	set_match(COL_TARGET, mnt);
+ }
+ 
+ 
+-- 
+2.7.4
+
diff --git a/SOURCES/0088-su-properly-clear-child-PID.patch b/SOURCES/0088-su-properly-clear-child-PID.patch
new file mode 100644
index 0000000..ae125a7
--- /dev/null
+++ b/SOURCES/0088-su-properly-clear-child-PID.patch
@@ -0,0 +1,64 @@
+From 756f8301d5f7959312bea3fa8865bb543d43fd50 Mon Sep 17 00:00:00 2001
+From: Karel Zak <kzak@redhat.com>
+Date: Wed, 8 Feb 2017 10:19:56 +0100
+Subject: [PATCH] su: properly clear child PID
+
+Upstream: http://github.com/karelzak/util-linux/commit/dffab154d29a288aa171ff50263ecc8f2e14a891
+Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1419474
+Signed-off-by: Karel Zak <kzak@redhat.com>
+---
+ login-utils/su-common.c | 25 +++++++++++++++----------
+ 1 file changed, 15 insertions(+), 10 deletions(-)
+
+diff --git a/login-utils/su-common.c b/login-utils/su-common.c
+index d53d690..9b3cad5 100644
+--- a/login-utils/su-common.c
++++ b/login-utils/su-common.c
+@@ -357,21 +357,26 @@ create_watching_parent (void)
+ 	    break;
+ 	}
+       if (pid != (pid_t)-1)
+-	if (WIFSIGNALED (status))
+-	  {
+-            fprintf (stderr, "%s%s\n", strsignal (WTERMSIG (status)),
+-                     WCOREDUMP (status) ? _(" (core dumped)") : "");
+-            status = WTERMSIG (status) + 128;
+-	  }
+-	else
+-	  status = WEXITSTATUS (status);
++	{
++	  if (WIFSIGNALED (status))
++	    {
++	      fprintf (stderr, "%s%s\n", strsignal (WTERMSIG (status)),
++                       WCOREDUMP (status) ? _(" (core dumped)") : "");
++	      status = WTERMSIG (status) + 128;
++	    }
++	  else
++	    status = WEXITSTATUS (status);
++
++          /* child is gone, don't use the PID anymore */
++          child = (pid_t) -1;
++	}
+       else
+ 	status = 1;
+     }
+   else
+     status = 1;
+ 
+-  if (caught_signal)
++  if (caught_signal && child != (pid_t)-1)
+     {
+       fprintf (stderr, _("\nSession terminated, killing shell..."));
+       kill (child, SIGTERM);
+@@ -379,7 +384,7 @@ create_watching_parent (void)
+ 
+   cleanup_pam (PAM_SUCCESS);
+ 
+-  if (caught_signal)
++  if (caught_signal && (child != (pid_t)-1))
+     {
+       sleep (2);
+       kill (child, SIGKILL);
+-- 
+2.7.4
+
diff --git a/SPECS/util-linux.spec b/SPECS/util-linux.spec
index 1299dea..b6716ab 100644
--- a/SPECS/util-linux.spec
+++ b/SPECS/util-linux.spec
@@ -2,7 +2,7 @@
 Summary: A collection of basic system utilities
 Name: util-linux
 Version: 2.23.2
-Release: 33%{?dist}
+Release: 33%{?dist}.2
 License: GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain
 Group: System Environment/Base
 URL: http://en.wikipedia.org/wiki/Util-linux
@@ -260,6 +260,13 @@ Patch85: 0085-libblkid-store-only-canonical-devnames-to-the-cache.patch
 # 1349536 - Extended partition loop in MBR partition table leads to DOS
 Patch86: 0086-libblkid-avoid-recursion-in-EBR.patch
 
+#
+# RHEL7.3.Z
+#
+# 1405238 - findmnt --target behaviour changed in 7.3, shows all mount-points in chroot
+Patch87: 0087-findmnt-fix-target-behaviour.patch
+# 1420262 - CVE-2017-2616 util-linux
+Patch88: 0088-su-properly-clear-child-PID.patch
 
 %description
 The util-linux package contains a large variety of low-level system
@@ -985,6 +992,12 @@ fi
 %{_libdir}/pkgconfig/uuid.pc
 
 %changelog
+* Wed Feb  8 2017 Karel Zak <kzak@redhat.com> 2.23.2-33.el7_3.2
+* fix CVE-2017-2616 - Sending SIGKILL to other processes with root privileges via su
+
+* Mon Jan 23 2017 Karel Zak <kzak@redhat.com> 2.23.2-33.el7_3.1
+- fix #1405238 - findmnt --target behaviour changed in 7.3, shows all mount-points in chroot
+
 * Tue Jul 12 2016 Karel Zak <kzak@redhat.com> 2.23.2-33
 - improve patch for #1007734 (libblkid realpaths)