diff --git a/.gitignore b/.gitignore
index dd10168..225e9fa 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,3 @@
 SOURCES/kernel-abi-whitelists-4.18.0-147.tar.bz2
 SOURCES/kernel-kabi-dw-4.18.0-147.tar.bz2
-SOURCES/linux-4.18.0-147.el8.tar.xz
+SOURCES/linux-4.18.0-147.0.2.el8_1.tar.xz
diff --git a/.kernel.metadata b/.kernel.metadata
index c1e655c..95ab829 100644
--- a/.kernel.metadata
+++ b/.kernel.metadata
@@ -1,3 +1,3 @@
 1906ed7a2c1abee6dcb9c8306445e68f9a3be4c4 SOURCES/kernel-abi-whitelists-4.18.0-147.tar.bz2
 18be70638c97c3893bf35677855018961077cc66 SOURCES/kernel-kabi-dw-4.18.0-147.tar.bz2
-d276d93e00a5f1083ade6dd79041080c1621c113 SOURCES/linux-4.18.0-147.el8.tar.xz
+2218ee09ff7d1b14e8c4e343be40250037ea2b1a SOURCES/linux-4.18.0-147.0.2.el8_1.tar.xz
diff --git a/README.debrand b/README.debrand
deleted file mode 100644
index 01c46d2..0000000
--- a/README.debrand
+++ /dev/null
@@ -1,2 +0,0 @@
-Warning: This package was configured for automatic debranding, but the changes
-failed to apply.
diff --git a/SOURCES/kernel-x86_64-debug.config b/SOURCES/kernel-x86_64-debug.config
index ea68d68..72bf29f 100644
--- a/SOURCES/kernel-x86_64-debug.config
+++ b/SOURCES/kernel-x86_64-debug.config
@@ -5467,6 +5467,7 @@ CONFIG_X86_EXTENDED_PLATFORM=y
 CONFIG_X86_INTEL_LPSS=y
 CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS=y
 CONFIG_X86_INTEL_PSTATE=y
+CONFIG_X86_INTEL_TSX_MODE_ON=y
 CONFIG_X86_MCE=y
 CONFIG_X86_MCELOG_LEGACY=y
 CONFIG_X86_MCE_AMD=y
diff --git a/SOURCES/kernel-x86_64.config b/SOURCES/kernel-x86_64.config
index 450411f..b4fcc44 100644
--- a/SOURCES/kernel-x86_64.config
+++ b/SOURCES/kernel-x86_64.config
@@ -5448,6 +5448,7 @@ CONFIG_X86_EXTENDED_PLATFORM=y
 CONFIG_X86_INTEL_LPSS=y
 CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS=y
 CONFIG_X86_INTEL_PSTATE=y
+CONFIG_X86_INTEL_TSX_MODE_ON=y
 CONFIG_X86_MCE=y
 CONFIG_X86_MCELOG_LEGACY=y
 CONFIG_X86_MCE_AMD=y
diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec
index 49676f0..34bf84d 100644
--- a/SPECS/kernel.spec
+++ b/SPECS/kernel.spec
@@ -42,10 +42,10 @@
 # define buildid .local
 
 %define rpmversion 4.18.0
-%define pkgrelease 147.el8
+%define pkgrelease 147.0.2.el8_1
 
 # allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 147%{?dist}
+%define specrelease 147.0.2%{?dist}
 
 %define pkg_release %{specrelease}%{?buildid}
 
@@ -54,6 +54,7 @@
 # All should default to 1 (enabled) and be flipped to 0 (disabled)
 # by later arch-specific checks.
 
+%define _with_kabidupchk 1
 # The following build options are enabled by default.
 # Use either --without <opt> in your rpmbuild command or force values
 # to 0 in here to disable them.
@@ -2316,8 +2317,45 @@ fi
 #
 #
 %changelog
-* Wed Nov 06 2019 CentOS Sources <bugs@centos.org> - 4.18.0-147.el8.centos
-- Apply debranding changes
+* Sun Nov 03 2019 Frantisek Hrbata <fhrbata@redhat.com> [4.18.0-147.0.2.el8_1]
+- [drm] drm/i915: Lower RM timeout to avoid DSI hard hangs (Dave Airlie) [1766056 1756805] {CVE-2019-0154}
+- [drm] drm/i915/gen8+: Add RC6 CTX corruption WA (Dave Airlie) [1766056 1756805] {CVE-2019-0154}
+- [drm] drm/i915/cmdparser: Ignore Length operands during command matching (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
+- [drm] drm/i915/cmdparser: Add support for backward jumps (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
+- [drm] drm/i915/cmdparser: Use explicit goto for error paths (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
+- [drm] drm/i915: Add gen9 BCS cmdparsing (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
+- [drm] drm/i915: Allow parsing of unsized batches (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
+- [drm] drm/i915: Support ro ppgtt mapped cmdparser shadow buffers (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
+- [drm] drm/i915: Add support for mandatory cmdparsing (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
+- [drm] drm/i915: Remove Master tables from cmdparser (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
+- [drm] drm/i915: Disable Secure Batches for gen6+ (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
+- [drm] drm/i915: Rename gen7 cmdparser tables (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
+- [x86] x86/tsx: Add config options to set tsx=on|off|auto (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
+- [documentation] x86/speculation/taa: Add documentation for TSX Async Abort (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
+- [x86] x86/tsx: Add "auto" option to the tsx= cmdline parameter (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
+- [base] x86/speculation/taa: Add sysfs reporting for TSX Async Abort (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
+- [x86] x86/speculation/taa: Add mitigation for TSX Async Abort (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
+- [x86] x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
+- [x86] x86/cpu: Add a helper function x86_read_arch_cap_msr() (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
+- [x86] x86/msr: Add the IA32_TSX_CTRL MSR (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
+- [documentation] Documentation: Add ITLB_MULTIHIT documentation (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
+- [kvm] kvm: x86: mmu: Recovery of shattered NX large pages (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
+- [virt] kvm: Add helper function for creating VM worker threads (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
+- [kvm] kvm: mmu: ITLB_MULTIHIT mitigation (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
+- [kernel] cpu/speculation: Uninline and export CPU mitigations helpers (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
+- [x86] x86/cpu: Add Tremont to the cpu vulnerability whitelist (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
+- [x86] x86: Add ITLB_MULTIHIT bug infrastructure (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
+- [kvm] KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is active (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
+- [kvm] KVM: x86: add tracepoints around __direct_map and FNAME(fetch) (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
+- [kvm] KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
+- [kvm] KVM: x86: remove now unneeded hugepage gfn adjustment (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
+- [kvm] KVM: x86: make FNAME(fetch) and __direct_map more similar (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
+- [kvm] kvm: mmu: Do not release the page inside mmu_set_spte() (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
+- [kvm] kvm: Convert kvm_lock to a mutex (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
+- [kvm] KVM: x86/mmu: Reintroduce fast invalidate/zap for flushing memslot (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
+- [kvm] Revert "KVM: x86/mmu: Zap only the relevant pages when removing a memslot" (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
+- [kvm] kvm: x86, powerpc: do not allow clearing largepages debugfs entry (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
+- [zstream] switch to zstream (Frantisek Hrbata)
 
 * Thu Sep 26 2019 Herton R. Krzesinski <herton@redhat.com> [4.18.0-147.el8]
 - [x86] perf/x86/intel: Fix spurious NMI on fixed counter (Michael Petlan) [1755110]