diff --git a/.gitignore b/.gitignore
index 7da192c..bb16d4b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -52,3 +52,4 @@ samba-3.6.0pre1.tar.gz
 /samba-4.2.3.tar.xz
 /samba-4.2.5.tar.xz
 /samba-4.2.6.tar.xz
+/samba-4.2.7.tar.xz
diff --git a/samba.spec b/samba.spec
index 4e83c8b..a91f982 100644
--- a/samba.spec
+++ b/samba.spec
@@ -8,12 +8,12 @@
 
 %define main_release 0
 
-%define samba_version 4.2.6
+%define samba_version 4.2.7
 %define talloc_version 2.1.2
 %define ntdb_version 1.0
 %define tdb_version 1.3.6
 %define tevent_version 0.9.25
-%define ldb_version 1.1.20
+%define ldb_version 1.1.24
 # This should be rc1 or nil
 %define pre_release %nil
 
@@ -195,7 +195,7 @@ BuildRequires: python-tevent >= %{libtevent_version}
 %endif
 
 %if ! %with_internal_ldb
-%global libldb_version 1.1.20
+%global libldb_version 1.1.24
 
 BuildRequires: libldb-devel >= %{libldb_version}
 BuildRequires: pyldb-devel >= %{libldb_version}
@@ -1945,6 +1945,17 @@ rm -rf %{buildroot}
 %endif # with_clustering_support
 
 %changelog
+* Wed Dec 16 2015 Guenther Deschner <gdeschner@redhat.com> - 4.2.7-0
+- Update to Samba 4.2.7
+- resolves: #1292069
+- CVE-2015-3223 Remote DoS in Samba (AD) LDAP server
+- CVE-2015-5252 Insufficient symlink verification in smbd
+- CVE-2015-5296 Samba client requesting encryption vulnerable to
+                downgrade attack
+- CVE-2015-5299 Missing access control check in shadow copy code
+- CVE-2015-7540 DoS to AD-DC due to insufficient checking of asn1
+                memory allocation
+
 * Wed Dec 09 2015 Guenther Deschner <gdeschner@redhat.com> - 4.2.6-0
 - Update to Samba 4.2.6
 
diff --git a/sources b/sources
index 09c761a..085af86 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-13d8577200e9bfc94788564fb7255695  samba-4.2.6.tar.xz
+6dae77365a8b39c91914215a4281fee8  samba-4.2.7.tar.xz