diff --git a/curl-invalid-free.patch b/curl-invalid-free.patch
new file mode 100644
index 0000000..a7e34d6
--- /dev/null
+++ b/curl-invalid-free.patch
@@ -0,0 +1,91 @@
+From 19e775b499c5c3cc7ec717af7c1e764f42817369 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Sun, 18 Jun 2017 17:54:55 +0200
+Subject: [PATCH] PIPELINING_SERVER_BL: cleanup the internal list use
+
+The list was freed incorrectly since the llist refactor of
+cbae73e1dd959. Aded test 1550 to verify that it works and avoid future
+regressions.
+
+Reported-by: Pascal Terjan
+
+Fixes #1584
+---
+ lib/pipeline.c             | 37 +++++++++++++++----------------------
+ tests/data/Makefile.inc    |  1 +
+ tests/data/test1550        | 29 +++++++++++++++++++++++++++++
+ tests/libtest/Makefile.inc |  8 ++++++++
+ tests/libtest/lib1550.c    | 39 +++++++++++++++++++++++++++++++++++++++
+ 5 files changed, 92 insertions(+), 22 deletions(-)
+ create mode 100644 tests/data/test1550
+ create mode 100644 tests/libtest/lib1550.c
+
+diff --git a/lib/pipeline.c b/lib/pipeline.c
+index b8d2037452..4d41b04139 100644
+--- a/lib/pipeline.c
++++ b/lib/pipeline.c
+@@ -230,28 +230,27 @@ CURLMcode Curl_pipeline_set_site_blacklist(char **sites,
+   return CURLM_OK;
+ }
+ 
++struct blacklist_node {
++  struct curl_llist_element list;
++  char server_name[1];
++};
++
+ bool Curl_pipeline_server_blacklisted(struct Curl_easy *handle,
+                                       char *server_name)
+ {
+   if(handle->multi && server_name) {
+-    struct curl_llist *blacklist =
++    struct curl_llist *list =
+       Curl_multi_pipelining_server_bl(handle->multi);
+ 
+-    if(blacklist) {
+-      struct curl_llist_element *curr;
+-
+-      curr = blacklist->head;
+-      while(curr) {
+-        char *bl_server_name;
+-
+-        bl_server_name = curr->ptr;
+-        if(strncasecompare(bl_server_name, server_name,
+-                           strlen(bl_server_name))) {
+-          infof(handle, "Server %s is blacklisted\n", server_name);
+-          return TRUE;
+-        }
+-        curr = curr->next;
++    struct curl_llist_element *e = list->head;
++    while(e) {
++      struct blacklist_node *bl = (struct blacklist_node *)e;
++      if(strncasecompare(bl->server_name, server_name,
++                         strlen(bl->server_name))) {
++        infof(handle, "Server %s is blacklisted\n", server_name);
++        return TRUE;
+       }
++      e = e->next;
+     }
+ 
+     DEBUGF(infof(handle, "Server %s is not blacklisted\n", server_name));
+@@ -259,11 +258,6 @@ bool Curl_pipeline_server_blacklisted(struct Curl_easy *handle,
+   return FALSE;
+ }
+ 
+-struct blacklist_node {
+-  struct curl_llist_element list;
+-  char server_name[1];
+-};
+-
+ CURLMcode Curl_pipeline_set_server_blacklist(char **servers,
+                                              struct curl_llist *list)
+ {
+@@ -286,8 +280,7 @@ CURLMcode Curl_pipeline_set_server_blacklist(char **servers,
+       }
+       strcpy(n->server_name, *servers);
+ 
+-      Curl_llist_insert_next(list, list->tail, n->server_name,
+-                             &n->list);
++      Curl_llist_insert_next(list, list->tail, n, &n->list);
+       servers++;
+     }
+   }
diff --git a/curl-mini.changes b/curl-mini.changes
index e287ca9..40112e9 100644
--- a/curl-mini.changes
+++ b/curl-mini.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Jun 20 11:30:01 UTC 2017 - idonmez@suse.com
+
+- Add curl-invalid-free.patch to fix an invalid free in
+  curl_multi_setopt function.
+
 -------------------------------------------------------------------
 Wed Jun 14 11:19:16 UTC 2017 - idonmez@suse.com
 
diff --git a/curl-mini.spec b/curl-mini.spec
index ad4478a..eae99dc 100644
--- a/curl-mini.spec
+++ b/curl-mini.spec
@@ -45,6 +45,7 @@ Source4:        https://daniel.haxx.se/mykey.asc#/curl.keyring
 Patch0:         libcurl-ocloexec.patch
 Patch1:         dont-mess-with-rpmoptflags.diff
 Patch2:         curl-secure-getenv.patch
+Patch3:         curl-invalid-free.patch
 BuildRequires:  libtool
 BuildRequires:  pkgconfig
 %if !0%{?bootstrap}
@@ -122,6 +123,7 @@ user interaction or any kind of interactivity.
 %patch0
 %patch1
 %patch2
+%patch3 -p1
 
 %build
 # curl complains if macro definition is contained in CFLAGS
diff --git a/curl.changes b/curl.changes
index e287ca9..40112e9 100644
--- a/curl.changes
+++ b/curl.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Jun 20 11:30:01 UTC 2017 - idonmez@suse.com
+
+- Add curl-invalid-free.patch to fix an invalid free in
+  curl_multi_setopt function.
+
 -------------------------------------------------------------------
 Wed Jun 14 11:19:16 UTC 2017 - idonmez@suse.com
 
diff --git a/curl.spec b/curl.spec
index 6c5bf78..4e2f4e2 100644
--- a/curl.spec
+++ b/curl.spec
@@ -43,6 +43,7 @@ Source4:        https://daniel.haxx.se/mykey.asc#/curl.keyring
 Patch0:         libcurl-ocloexec.patch
 Patch1:         dont-mess-with-rpmoptflags.diff
 Patch2:         curl-secure-getenv.patch
+Patch3:         curl-invalid-free.patch
 BuildRequires:  libtool
 BuildRequires:  pkgconfig
 %if !0%{?bootstrap}
@@ -120,6 +121,7 @@ user interaction or any kind of interactivity.
 %patch0
 %patch1
 %patch2
+%patch3 -p1
 
 %build
 # curl complains if macro definition is contained in CFLAGS