diff -up ntp-4.2.6p5/ntpd/ntp_config.c.cve-2014-9293 ntp-4.2.6p5/ntpd/ntp_config.c
--- ntp-4.2.6p5/ntpd/ntp_config.c.cve-2014-9293 2014-12-19 16:24:18.297578337 +0100
+++ ntp-4.2.6p5/ntpd/ntp_config.c 2014-12-19 16:24:18.311578368 +0100
@@ -1866,13 +1866,16 @@ config_auth(
 req_hashlen = digest_len;
 #endif
 } else {
- int rankey;
+ unsigned char rankey[16];
+
+ if (ntp_crypto_random_buf(rankey, sizeof (rankey))) {
+ msyslog(LOG_ERR, "ntp_crypto_random_buf() failed.");
+ exit(1);
+ }
- rankey = ntp_random();
 req_keytype = NID_md5;
 req_hashlen = 16;
- MD5auth_setkey(req_keyid, req_keytype,
- (u_char *)&rankey, sizeof(rankey));
+ MD5auth_setkey(req_keyid, req_keytype, rankey, sizeof(rankey));
 authtrust(req_keyid, 1);
 }
diff -up ntp-4.2.6p5/ntpd/ntpd.c.cve-2014-9293 ntp-4.2.6p5/ntpd/ntpd.c
--- ntp-4.2.6p5/ntpd/ntpd.c.cve-2014-9293 2014-12-19 16:24:02.000000000 +0100
+++ ntp-4.2.6p5/ntpd/ntpd.c 2014-12-19 16:24:18.298578339 +0100
@@ -593,6 +593,7 @@ ntpdmain(
 get_systime(&now);
 ntp_srandom((int)(now.l_i * now.l_uf));
+ ntp_crypto_srandom();
 #if !defined(VMS)
 # ifndef NODETACH
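Review bot: The failure branch after `ntp_crypto_random_buf()` in the `else` arm ends the daemon with `exit(1)`, but nothing records that this is deliberate, so a later cleanup could plausibly swap it for a fallback to `ntp_random()` and bring back the short, guessable request key this commit removes. A comment above the check such as `/* fail closed: never fall back to ntp_random() for the request key */` would pin the intent. The log text could also name the consequence, e.g. `"ntp_crypto_random_buf() failed, cannot generate request key"`, so an operator reading syslog knows why ntpd stopped. `rankey` also stays on the stack after `MD5auth_setkey()` returns; wiping it would be tidy, though presumably the key table keeps its own copy (that function is not shown). config_auth's body starts and ends outside the hunk.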
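Review bot: The added `ntp_crypto_srandom();` call in ntpdmain() has no visible result check, and its definition is not part of this diff, so it is not clear from here whether seeding can fail silently. If it can, the failure should be logged at startup rather than surfacing later as the `ntp_crypto_random_buf()` error in config_auth(). The line above still seeds `ntp_random()` from `(int)(now.l_i * now.l_uf)`, a value derived from the clock, so a comment such as `/* ntp_random() is time-seeded: never use it for keys or other secrets */` would keep later code from repeating the old pattern. ntpdmain's body continues outside the hunk.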