diff --git a/cloud-init-long-pass.patch b/cloud-init-long-pass.patch
new file mode 100644
index 0000000..08fa87c
--- /dev/null
+++ b/cloud-init-long-pass.patch
@@ -0,0 +1,11 @@
+--- cloudinit/config/cc_set_passwords.py.orig
++++ cloudinit/config/cc_set_passwords.py
+@@ -236,7 +236,7 @@ def handle(_name, cfg, cloud, log, args)
+         raise errors[-1]
+ 
+ 
+-def rand_user_password(pwlen=9):
++def rand_user_password(pwlen=20):
+     return util.rand_str(pwlen, select_from=PW_SET)
+ 
+ 
diff --git a/cloud-init.changes b/cloud-init.changes
index 2d2beda..74c5cf2 100644
--- a/cloud-init.changes
+++ b/cloud-init.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Feb 13 14:07:50 UTC 2020 - Robert Schweikert <rjschwei@suse.com>
+
+- Add cloud-init-long-pass.patch (bsc#1162936, CVE-2020-8632)
+  + Increase the default length of generated passwords
+
 -------------------------------------------------------------------
 Wed Feb 12 22:37:57 UTC 2020 - Robert Schweikert <rjschwei@suse.com>
 
diff --git a/cloud-init.spec b/cloud-init.spec
index 29cbe9d..c6cd5f2 100644
--- a/cloud-init.spec
+++ b/cloud-init.spec
@@ -46,6 +46,7 @@ Patch56:        cloud-init-sysconf-path.patch
 # FIXME (lp#1860164)
 Patch57:        cloud-init-no-tempnet-oci.patch
 Patch58:        cloud-init-use-different-random-src.diff
+Patch59:        cloud-init-long-pass.patch
 
 BuildRequires:  fdupes
 BuildRequires:  filesystem
@@ -192,6 +193,7 @@ Documentation and examples for cloud-init tools
 %patch56
 %patch57
 %patch58 -p1
+%patch59
 
 %build
 %if 0%{?suse_version} && 0%{?suse_version} <= 1315