diff --git a/0001-core-fix-invalid-free-in-killall.patch b/0001-core-fix-invalid-free-in-killall.patch
new file mode 100644
index 00000000..23d527e8
--- /dev/null
+++ b/0001-core-fix-invalid-free-in-killall.patch
@@ -0,0 +1,32 @@
+From 3e09eb5c83e56bc0184bd9d9c44f76047464f77c Mon Sep 17 00:00:00 2001
+From: Andreas Henriksson <andreas@fatal.se>
+Date: Fri, 13 Jun 2014 18:48:19 +0200
+Subject: [PATCH] core: fix invalid free() in killall()
+
+static int killall(....) in ./src/core/killall.c tries to get "s"
+initialized by calling get_process_comm(...) which calls
+read_one_line_file(...) which if it fails will mean it is left
+uninitialized.
+It is then used in argument to strna(s) call where it is
+dereferenced(!), in addition to nothing else initializing it before
+the scope it is in finishes.
+---
+ src/core/killall.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git src/core/killall.c src/core/killall.c
+index 57ed41c..eab48f7 100644
+--- src/core/killall.c
++++ src/core/killall.c
+@@ -168,7 +168,7 @@ static int killall(int sig, Set *pids, bool send_sighup) {
+                         continue;
+ 
+                 if (sig == SIGKILL) {
+-                        _cleanup_free_ char *s;
++                        _cleanup_free_ char *s = NULL;
+ 
+                         get_process_comm(pid, &s);
+                         log_notice("Sending SIGKILL to PID "PID_FMT" (%s).", pid, strna(s));
+-- 
+1.7.9.2
+
diff --git a/0002-udev-fix-invalid-free-in-enable_name_policy.patch b/0002-udev-fix-invalid-free-in-enable_name_policy.patch
new file mode 100644
index 00000000..4afdb7ce
--- /dev/null
+++ b/0002-udev-fix-invalid-free-in-enable_name_policy.patch
@@ -0,0 +1,30 @@
+From f8a0bb5285024b6ce372c3157e761e6543ebdcd2 Mon Sep 17 00:00:00 2001
+From: Andreas Henriksson <andreas@fatal.se>
+Date: Fri, 13 Jun 2014 18:48:21 +0200
+Subject: [PATCH] udev: fix invalid free() in enable_name_policy()
+
+static bool enable_name_policy(...) in ./src/udev/net/link-config.c
+calls proc_cmdline(...) to get "line" initialized, but
+proc_cmdline(...) does not guarantee that atleast when both
+conditions (detect_container(NULL) > 0) and
+read_full_file(...) returned < 0.
+---
+ src/udev/net/link-config.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git src/udev/net/link-config.c src/udev/net/link-config.c
+index a9acc3d..7a9d01b 100644
+--- src/udev/net/link-config.c
++++ src/udev/net/link-config.c
+@@ -185,7 +185,7 @@ static int load_link(link_config_ctx *ctx, const char *filename) {
+ }
+ 
+ static bool enable_name_policy(void) {
+-        _cleanup_free_ char *line;
++        _cleanup_free_ char *line = NULL;
+         char *w, *state;
+         int r;
+         size_t l;
+-- 
+1.7.9.2
+
diff --git a/0003-install-fix-invalid-free-in-unit_file_mask.patch b/0003-install-fix-invalid-free-in-unit_file_mask.patch
new file mode 100644
index 00000000..0fe0581b
--- /dev/null
+++ b/0003-install-fix-invalid-free-in-unit_file_mask.patch
@@ -0,0 +1,30 @@
+From 223217749e57996336d5730b0a28716cca56d45d Mon Sep 17 00:00:00 2001
+From: Andreas Henriksson <andreas@fatal.se>
+Date: Fri, 13 Jun 2014 18:48:18 +0200
+Subject: [PATCH] install: fix invalid free() in unit_file_mask()
+
+int unit_file_mask(...) in ./src/shared/install.c calls
+get_config_path(...) which can in 4 error cases return without setting
+"ret", and thus "prefix" can be uninitialized when unit_file_mask(...)
+finishes (which it does directly after the error is returned from
+get_config_path(...)).
+---
+ src/shared/install.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git src/shared/install.c src/shared/install.c
+index 487d0f6..f562063 100644
+--- src/shared/install.c
++++ src/shared/install.c
+@@ -563,7 +563,7 @@ int unit_file_mask(
+                 unsigned *n_changes) {
+ 
+         char **i;
+-        _cleanup_free_ char *prefix;
++        _cleanup_free_ char *prefix = NULL;
+         int r;
+ 
+         assert(scope >= 0);
+-- 
+1.7.9.2
+
diff --git a/systemd-mini.changes b/systemd-mini.changes
index e31567ba..3f886386 100644
--- a/systemd-mini.changes
+++ b/systemd-mini.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Tue Jun 17 14:21:56 UTC 2014 - werner@suse.de
+
+- Add upstream patches
+  0001-core-fix-invalid-free-in-killall.patch
+  0002-udev-fix-invalid-free-in-enable_name_policy.patch
+  0003-install-fix-invalid-free-in-unit_file_mask.patch
+
 -------------------------------------------------------------------
 Tue Jun 17 11:43:23 UTC 2014 - rmilasan@suse.com
 
diff --git a/systemd-mini.spec b/systemd-mini.spec
index 806b9150..2392c88a 100644
--- a/systemd-mini.spec
+++ b/systemd-mini.spec
@@ -558,6 +558,12 @@ Patch275:       0004-systemd-detect-virt-only-discover-Xen-domU.patch
 Patch276:       0005-backlight-Do-not-clamp-brightness-for-LEDs.patch
 # PATCH-FIX-UPSTREAM added at 2014/06/11
 Patch277:       0006-log-honour-the-kernel-s-quiet-cmdline-argument.patch
+# PATCH-FIX-UPSTREAM added at 2014/06/17
+Patch278:       0001-core-fix-invalid-free-in-killall.patch
+# PATCH-FIX-UPSTREAM added at 2014/06/17
+Patch279:       0002-udev-fix-invalid-free-in-enable_name_policy.patch
+# PATCH-FIX-UPSTREAM added at 2014/06/17
+Patch280:       0003-install-fix-invalid-free-in-unit_file_mask.patch
 
 # UDEV PATCHES
 # ============
@@ -1073,6 +1079,9 @@ cp %{SOURCE7} m4/
 %patch275 -p0
 %patch276 -p0
 %patch277 -p0
+%patch278 -p0
+%patch279 -p0
+%patch280 -p0
 
 # udev patches
 %patch1001 -p1
diff --git a/systemd.changes b/systemd.changes
index e31567ba..3f886386 100644
--- a/systemd.changes
+++ b/systemd.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Tue Jun 17 14:21:56 UTC 2014 - werner@suse.de
+
+- Add upstream patches
+  0001-core-fix-invalid-free-in-killall.patch
+  0002-udev-fix-invalid-free-in-enable_name_policy.patch
+  0003-install-fix-invalid-free-in-unit_file_mask.patch
+
 -------------------------------------------------------------------
 Tue Jun 17 11:43:23 UTC 2014 - rmilasan@suse.com
 
diff --git a/systemd.spec b/systemd.spec
index 43d29325..24114d0d 100644
--- a/systemd.spec
+++ b/systemd.spec
@@ -553,6 +553,12 @@ Patch275:       0004-systemd-detect-virt-only-discover-Xen-domU.patch
 Patch276:       0005-backlight-Do-not-clamp-brightness-for-LEDs.patch
 # PATCH-FIX-UPSTREAM added at 2014/06/11
 Patch277:       0006-log-honour-the-kernel-s-quiet-cmdline-argument.patch
+# PATCH-FIX-UPSTREAM added at 2014/06/17
+Patch278:       0001-core-fix-invalid-free-in-killall.patch
+# PATCH-FIX-UPSTREAM added at 2014/06/17
+Patch279:       0002-udev-fix-invalid-free-in-enable_name_policy.patch
+# PATCH-FIX-UPSTREAM added at 2014/06/17
+Patch280:       0003-install-fix-invalid-free-in-unit_file_mask.patch
 
 # UDEV PATCHES
 # ============
@@ -1068,6 +1074,9 @@ cp %{SOURCE7} m4/
 %patch275 -p0
 %patch276 -p0
 %patch277 -p0
+%patch278 -p0
+%patch279 -p0
+%patch280 -p0
 
 # udev patches
 %patch1001 -p1