diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.23/glibc-2.23-gshadow-handle-erange.patch b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.23/glibc-2.23-gshadow-handle-erange.patch
new file mode 100644
index 0000000000..7ccf8aef88
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.23/glibc-2.23-gshadow-handle-erange.patch
@@ -0,0 +1,31 @@
+--- gshadow/fgetsgent_r.c
++++ gshadow/fgetsgent_r.c
+@@ -37,6 +37,7 @@
+ 	       struct sgrp **result)
+ {
+   char *p;
++  int rc;
+ 
+   _IO_flockfile (stream);
+   do
+@@ -64,11 +65,18 @@
+     } while (*p == '\0' || *p == '#' ||	/* Ignore empty and comment lines.  */
+ 	     /* Parse the line.  If it is invalid, loop to
+ 		get the next line of the file to parse.  */
+-	     ! parse_line (buffer, (void *) resbuf, (void *) buffer, buflen,
+-			   &errno));
++	     !(rc = parse_line (buffer, (void *) resbuf,
++				(void *) buffer, buflen, &errno)));
+ 
+   _IO_funlockfile (stream);
+ 
++  if (rc < 0)
++    {
++      *result = NULL;
++      __set_errno (ERANGE);
++      return errno;
++    }
++
+   *result = resbuf;
+   return 0;
+ }
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.21-r3.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.21-r4.ebuild
similarity index 97%
rename from sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.21-r3.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.21-r4.ebuild
index 6620d62007..fb49307fff 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.21-r3.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.21-r4.ebuild
@@ -160,6 +160,9 @@ eblit-src_unpack-pre() {
 eblit-src_prepare-post() {
 	cd "${S}"
 
+	einfo "Patching to avoid segfaults on long /etc/gshadow lines"
+	epatch "${FILESDIR}"/2.23/glibc-2.23-gshadow-handle-erange.patch
+
 	if use hardened ; then
 		einfo "Patching to get working PIE binaries on PIE (hardened) platforms"
 		gcc-specs-pie && epatch "${FILESDIR}"/2.17/glibc-2.17-hardened-pie.patch