diff --git a/srcpkgs/util-linux/patches/CVE-2017-2616.patch b/srcpkgs/util-linux/patches/CVE-2017-2616.patch
new file mode 100644
index 00000000000..f993c931928
--- /dev/null
+++ b/srcpkgs/util-linux/patches/CVE-2017-2616.patch
@@ -0,0 +1,37 @@
+--- login-utils/su-common.c
++++ login-utils/su-common.c
+@@ -368,6 +368,9 @@ create_watching_parent (void)
+             }
+           else
+             status = WEXITSTATUS (status);
++
++	  /* child is gone, don't use the PID anymore */
++	  child = (pid_t) -1;
+         }
+       else if (caught_signal)
+         status = caught_signal + 128;
+@@ -377,7 +380,7 @@ create_watching_parent (void)
+   else
+     status = 1;
+ 
+-  if (caught_signal)
++  if (caught_signal && child != (pid_t)-1)
+     {
+       fprintf (stderr, _("\nSession terminated, killing shell..."));
+       kill (child, SIGTERM);
+@@ -387,9 +390,12 @@ create_watching_parent (void)
+ 
+   if (caught_signal)
+     {
+-      sleep (2);
+-      kill (child, SIGKILL);
+-      fprintf (stderr, _(" ...killed.\n"));
++      if (child != (pid_t)-1)
++	{
++	  sleep (2);
++	  kill (child, SIGKILL);
++	  fprintf (stderr, _(" ...killed.\n"));
++	}
+ 
+       /* Let's terminate itself with the received signal.
+        *
diff --git a/srcpkgs/util-linux/template b/srcpkgs/util-linux/template
index a7a796acacf..6c9a19ff775 100644
--- a/srcpkgs/util-linux/template
+++ b/srcpkgs/util-linux/template
@@ -1,7 +1,7 @@
 # Template file for 'util-linux'
 pkgname=util-linux
 version=2.28.2
-revision=3
+revision=4
 short_desc="Miscellaneous linux utilities"
 maintainer="Juan RP <xtraeme@voidlinux.eu>"
 homepage="https://www.kernel.org/pub/linux/utils/util-linux/"