diff --git a/.cvsignore b/.cvsignore
index 857b43c..23b8a9a 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -1 +1 @@
-libtool-2.2.6a.tar.lzma
+libtool-2.2.6b.tar.lzma
diff --git a/libtool.spec b/libtool.spec
index 6c49ce6..679f41f 100644
--- a/libtool.spec
+++ b/libtool.spec
@@ -2,11 +2,11 @@
 
 Summary: The GNU Portable Library Tool
 Name:    libtool
-Version: 2.2.6
-Release: 14%{?dist}
+Version: 2.2.6b
+Release: 1%{?dist}
 License: GPLv2+ and LGPLv2+ and GFDL
 Group:   Development/Tools
-Source:  http://ftp.gnu.org/gnu/libtool/libtool-%{version}a.tar.lzma
+Source:  http://ftp.gnu.org/gnu/libtool/libtool-%{version}.tar.lzma
 Patch0:  libtool-2.2.6a-rpath.patch
 URL:     http://www.gnu.org/software/libtool/
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u} -n)
@@ -142,6 +142,10 @@ fi
 
 
 %changelog
+* Tue Dec 01 2009 Karsten Hopp <karsten@redhat.com> 2.2.6b-1
+- update to 2.2.6b, fixes CVE-2009-3736:
+  libltdl may load and execute code from a library in the current directory
+
 * Wed Aug 12 2009 Ville Skyttä <ville.skytta@iki.fi> - 2.2.6-14
 - Use lzma compressed upstream tarball.
 
diff --git a/sources b/sources
index 81ee173..2d32d92 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-b121e4848cc53fdd69e796aed73b9ccf  libtool-2.2.6a.tar.lzma
+a4b36980765003b47dd75ac9429f4f11  libtool-2.2.6b.tar.lzma