diff --git a/0008-curl-7.47.1-CVE-2016-5421.patch b/0008-curl-7.47.1-CVE-2016-5421.patch
new file mode 100644
index 0000000..d60febf
--- /dev/null
+++ b/0008-curl-7.47.1-CVE-2016-5421.patch
@@ -0,0 +1,34 @@
+From 31c621ee6dcc793cf3b11e4c062f396d3bdfb503 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg
+Date: Sun, 31 Jul 2016 01:09:04 +0200
+Subject: [PATCH] curl_multi_cleanup: clear connection pointer for easy handles
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+CVE-2016-5421
+Bug: https://curl.haxx.se/docs/adv_20160803C.html
+Reported-by: Marcelo Echeverria and Fernando Muñoz
+
+Upstream-commit: 75dc096e01ef1e21b6c57690d99371dedb2c0b80
+Signed-off-by: Kamil Dudka
+---
+ lib/multi.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/lib/multi.c b/lib/multi.c
+index b63f8bf..3ff5e86 100644
+--- a/lib/multi.c
++++ b/lib/multi.c
+@@ -1841,6 +1841,8 @@ static void close_all_connections(struct Curl_multi *multi)
+ conn->data = multi->closure_handle;
+
+ sigpipe_ignore(conn->data, &pipe_st);
++ conn->data->easy_conn = NULL; /* clear the easy handle's connection
++ pointer */
+ /* This will remove the connection from the cache */
+ (void)Curl_disconnect(conn, FALSE);
+ sigpipe_restore(&pipe_st);
+--
+2.5.5
+
diff --git a/curl.spec b/curl.spec
index 3059ba5..0d76942 100644
--- a/curl.spec
+++ b/curl.spec
@@ -1,7 +1,7 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
 Version: 7.43.0
-Release: 7%{?dist}
+Release: 8%{?dist}
 License: MIT
 Group: Applications/Internet
 Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
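Review bot: The comment added with `conn->data->easy_conn = NULL;` in the lib/multi.c hunk carried by 0008-curl-7.47.1-CVE-2016-5421.patch says what the line does but not why, and it hides that `conn->data` was set to `multi->closure_handle` two lines earlier, so the pointer being cleared is the one held by the closure handle. I would spell that out, e.g. `/* conn->data is the closure handle here; drop its easy_conn before the disconnect so the handle keeps no pointer to a connection that is going away (CVE-2016-5421) */`. close_all_connections() begins and ends outside the hunk, so whether anything else in it still reads easy_conn cannot be checked from here. Judging by the patch file name the hunk was cut against a 7.47.1 tree while curl.spec builds 7.43.0, so it is worth confirming that `%patch8 -p1` lands inside close_all_connections() without fuzz.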
@@ -28,6 +28,9 @@ Patch6: 0006-curl-7.43.0-effa575f.patch
 # fix SIGSEGV of the curl tool while parsing URL with too many globs (#1340757)
 Patch7: 0007-curl-7.49.1-urlglob.patch
 
+# fix use of connection struct after free (CVE-2016-5421)
+Patch8: 0008-curl-7.47.1-CVE-2016-5421.patch
+
 # patch making libcurl multilib ready
 Patch101: 0101-curl-7.32.0-multilib.patch
 
@@ -145,6 +148,7 @@ documentation of the library, too.
 %patch5 -p1
 %patch6 -p1
 %patch7 -p1
+%patch8 -p1
 
 # Fedora patches
 %patch101 -p1
@@ -264,6 +268,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_datadir}/aclocal/libcurl.m4
 
 %changelog
+* Wed Aug 03 2016 Kamil Dudka 7.43.0-8
+- fix use of connection struct after free (CVE-2016-5421)
+
 * Fri Jun 03 2016 Kamil Dudka 7.43.0-7
 - fix SIGSEGV of the curl tool while parsing URL with too many globs (#1340757)
 