diff --git a/openssh-6.8p1-memory-problems.patch b/openssh-6.8p1-memory-problems.patch
new file mode 100644
index 0000000..db21660
--- /dev/null
+++ b/openssh-6.8p1-memory-problems.patch
@@ -0,0 +1,25 @@
+diff --git a/servconf.c b/servconf.c
+index ad5869b..0255ed3 100644
+--- a/servconf.c
++++ b/servconf.c
+@@ -1910,6 +1910,8 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
+ 		dst->n = src->n; \
+ } while (0)
+ 
++	u_int i;
++
+ 	M_CP_INTOPT(password_authentication);
+ 	M_CP_INTOPT(gss_authentication);
+ 	M_CP_INTOPT(rsa_authentication);
+@@ -1947,8 +1949,10 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
+ } while(0)
+ #define M_CP_STRARRAYOPT(n, num_n) do {\
+ 	if (src->num_n != 0) { \
++		for (i = 0; i < dst->num_n; i++) \
++			free(dst->n[i]); \
+ 		for (dst->num_n = 0; dst->num_n < src->num_n; dst->num_n++) \
+-			dst->n[dst->num_n] = xstrdup(src->n[dst->num_n]); \
++			dst->n[dst->num_n] = src->n[dst->num_n]; \
+ 	} \
+ } while(0)
+ 
diff --git a/openssh.spec b/openssh.spec
index 8fa1699..d694951 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -220,6 +220,9 @@ Patch925: openssh-6.7p1-ssh-copy-id-truncated-keys.patch
 Patch926: openssh-6.7p1-sftp-force-permission.patch
 # Upstream bug #1878 reintroduced in openssh6.7p1
 Patch927: openssh-6.8p1-880575.patch
+# Memory problems
+# https://bugzilla.mindrot.org/show_bug.cgi?id=2401
+Patch928: openssh-6.8p1-memory-problems.patch
 
 
 
@@ -442,6 +445,7 @@ popd
 %patch925 -p1 -b .newline
 %patch926 -p1 -b .sftp-force-mode
 %patch927 -p1 -b .bz880575
+%patch928 -p1 -b .memory
 
 %patch200 -p1 -b .audit
 %patch700 -p1 -b .fips