diff --git a/cloud-init-use-different-random-src.diff b/cloud-init-use-different-random-src.diff
new file mode 100644
index 0000000..bdbe684
--- /dev/null
+++ b/cloud-init-use-different-random-src.diff
@@ -0,0 +1,16 @@
+diff --git a/cloudinit/util.py b/cloudinit/util.py
+index d99e82fa5..c02b3d9a5 100644
+--- a/cloudinit/util.py
++++ b/cloudinit/util.py
+@@ -397,9 +397,10 @@ def translate_bool(val, addons=None):
+ 
+ 
+ def rand_str(strlen=32, select_from=None):
++    r = random.SystemRandom()
+     if not select_from:
+         select_from = string.ascii_letters + string.digits
+-    return "".join([random.choice(select_from) for _x in range(0, strlen)])
++    return "".join([r.choice(select_from) for _x in range(0, strlen)])
+ 
+ 
+ def rand_dict_key(dictionary, postfix=None):
diff --git a/cloud-init.changes b/cloud-init.changes
index dfbf5f0..2d2beda 100644
--- a/cloud-init.changes
+++ b/cloud-init.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Feb 12 22:37:57 UTC 2020 - Robert Schweikert <rjschwei@suse.com>
+
+- Add cloud-init-use-different-random-src.diff (bsc#1162937, CVE-2020-8631)
+  + Use non-deterministic generator for password generation.
+
 -------------------------------------------------------------------
 Wed Feb 12 19:30:42 UTC 2020 - Robert Schweikert <rjschwei@suse.com>
 
diff --git a/cloud-init.spec b/cloud-init.spec
index e1400b6..29cbe9d 100644
--- a/cloud-init.spec
+++ b/cloud-init.spec
@@ -45,6 +45,7 @@ Patch55:        cloud-init-mix-static-dhcp.patch
 Patch56:        cloud-init-sysconf-path.patch
 # FIXME (lp#1860164)
 Patch57:        cloud-init-no-tempnet-oci.patch
+Patch58:        cloud-init-use-different-random-src.diff
 
 BuildRequires:  fdupes
 BuildRequires:  filesystem
@@ -190,6 +191,7 @@ Documentation and examples for cloud-init tools
 %patch55 -p0
 %patch56
 %patch57
+%patch58 -p1
 
 %build
 %if 0%{?suse_version} && 0%{?suse_version} <= 1315