diff --git a/SOURCES/sudo-1.8.6p7-CVE-2017-1000368.patch b/SOURCES/sudo-1.8.6p7-CVE-2017-1000368.patch
new file mode 100644
index 0000000..27ad7ba
--- /dev/null
+++ b/SOURCES/sudo-1.8.6p7-CVE-2017-1000368.patch
@@ -0,0 +1,117 @@
+diff --git a/src/ttyname.c b/src/ttyname.c
+index 32f093c..d8858f7 100644
+--- a/src/ttyname.c
++++ b/src/ttyname.c
+@@ -414,53 +414,80 @@ get_process_ttyname(void)
+ }
+ #elif defined(__linux__)
+ /*
+- * Return a string from ttyname() containing the tty to which the process is
+- * attached or NULL if there is no tty associated with the process (or its
+- * parent).  First tries field 7 in /proc/pid/stat, then /proc/ppid/stat.
+- * Falls back on ttyname of std{in,out,err} if that fails.
++ * Store the name of the tty to which the process is attached in name.
++ * Returns name on success and NULL on failure, setting errno.
+  */
+ char *
+ get_process_ttyname(void)
+ {
+-    char *line = NULL, *tty = NULL;
+-    size_t linesize = 0;
+-    ssize_t len;
+-    int i;
++    const char path[] = "/proc/self/stat";
++    char *cp, buf[1024];
++    char *ret = NULL;
++    int serrno = errno;
++    ssize_t nread;
++    int fd;
+     debug_decl(get_process_ttyname, SUDO_DEBUG_UTIL)
+ 
+-    /* Try to determine the tty from tty_nr in /proc/pid/stat. */
+-    for (i = 0; tty == NULL && i < 2; i++) {
+-	FILE *fp;
+-	char path[PATH_MAX];
+-	(void)snprintf(path, sizeof(path), "/proc/%u/stat",
+-	    i ? (unsigned int)getppid() : (unsigned int)getpid());
+-	if ((fp = fopen(path, "r")) == NULL)
+-	    continue;
+-	len = getline(&line, &linesize, fp);
+-	fclose(fp);
+-	if (len != -1) {
++    /*
++     * Try to determine the tty from tty_nr in /proc/self/stat.
++     * Ignore /proc/self/stat if it contains embedded NUL bytes.
++     */
++    if ((fd = open(path, O_RDONLY | O_NOFOLLOW)) != -1) {
++	cp = buf;
++	while ((nread = read(fd, cp, buf + sizeof(buf) - cp)) != 0) {
++	    if (nread == -1) {
++		if (errno == EAGAIN || errno == EINTR)
++		    continue;
++		break;
++	    }
++	    cp += nread;
++	    if (cp >= buf + sizeof(buf))
++		break;
++	}
++	if (nread == 0 && memchr(buf, '\0', cp - buf) == NULL) {
+ 	    /*
+ 	     * Field 7 is the tty dev (0 if no tty).
+-	     * Since the process name at field 2 "(comm)" may include spaces,
+-	     * start at the last ')' found.
++	     * Since the process name at field 2 "(comm)" may include
++	     * whitespace (including newlines), start at the last ')' found.
+ 	     */
+-	    char *cp = strrchr(line, ')');
+-	    int field = 2;
+-	    while (*cp != '\0') {
+-		if (*cp++ == ' ') {
+-		    if (++field == 7) {
+-			dev_t tdev = (dev_t)atoi(cp);
+-			if (tdev > 0)
+-			    tty = sudo_ttyname_dev(tdev);
+-			break;
++	    *cp = '\0';
++	    cp = strrchr(buf, ')');
++	    if (cp != NULL) {
++		char *ep = cp;
++		int field = 1;
++
++		while (*++ep != '\0') {
++		    if (*ep == ' ') {
++			*ep = '\0';
++			if (++field == 7) {
++			    dev_t tdev = (dev_t)strtol(cp, NULL, 10);
++			    if (tdev == 0 || errno == ERANGE || errno == EINVAL) {
++				sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
++				    "%s: tty device %s: %s", path, cp, strerror(errno));
++			    }
++			    if (tdev > 0) {
++				errno = serrno;
++				ret = sudo_ttyname_dev(tdev);
++				goto done;
++			    }
++			    break;
++			}
++			cp = ep + 1;
+ 		    }
+ 		}
+ 	    }
+ 	}
+     }
+-    efree(line);
++    errno = ENOENT;
+ 
+-    debug_return_str(tty);
++done:
++    if (fd != -1)
++	close(fd);
++    if (ret == NULL)
++	sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
++	    "unable to resolve tty via %s", path);
++
++    debug_return_str(ret);
+ }
+ #else
+ /*
diff --git a/SPECS/sudo.spec b/SPECS/sudo.spec
index eb01223..7f47ede 100644
--- a/SPECS/sudo.spec
+++ b/SPECS/sudo.spec
@@ -1,7 +1,7 @@
 Summary: Allows restricted root access for specified users
 Name: sudo
 Version: 1.8.6p7
-Release: 22%{?dist}
+Release: 23%{?dist}
 License: ISC
 Group: Applications/System
 URL: http://www.courtesan.com/sudo/
@@ -148,7 +148,8 @@ Patch57: sudo-1.8.6p3-visudo-quiet-flag.patch
 Patch58: sudo-1.8.6p7-noexec-update.patch
 # 1455401 - CVE-2017-1000367 sudo: Privilege escalation in via improper get_process_ttyname() parsing [rhel-7.3.z]
 Patch59: sudo-1.8.6p7-tty-name-parsing.patch
-
+# 1459410 - CVE-2017-1000368 sudo: Privilege escalation via improper get_process_ttyname() parsing (insufficient fix for CVE-2017-1000367) [rhel-7.3.z]
+Patch60: sudo-1.8.6p7-CVE-2017-1000368.patch
 
 %description
 Sudo (superuser do) allows a system administrator to give certain
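Review bot: The CVE id in the `%changelog` entry this commit adds for 1.8.6p7-23 does not match the one recorded here: the comment above `Patch60` and the patch file name give CVE-2017-1000368 for bug 1459410, but the changelog line reads `- Fixes CVE-2017-1000367`. Anyone confirming the fix from the package changelog, for example by searching it for the CVE id, would not find CVE-2017-1000368 and could conclude the host is still unpatched. The entry should read `- Fixes CVE-2017-1000368`, ideally with the same description text as the `Patch60` comment.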
@@ -232,6 +233,7 @@ plugins that use %{name}.
 %patch57 -p1 -b .visudo-quiet-flag
 %patch58 -p1 -b .noexec-update
 %patch59 -p1 -b .tty-parsing
+%patch60 -p1 -b .CVE-2017-1000368
 
 %build
 autoreconf -I m4 -fv --install
@@ -353,6 +355,10 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man8/sudo_plugin.8*
 
 %changelog
+* Wed Jun 07 2017 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-23
+- Fixes CVE-2017-1000367
+  Resolves: rhbz#1459410
+
 * Mon May 29 2017 Radovan Sroka <rsroka@redhat.com> - 1.8.6p7-22
 - Fixes CVE-2017-1000367 sudo: Privilege escalation in via improper get_process_ttyname() parsing [rhel-7.3.z]
   Resolves: rhbz#1455401