diff --git a/changelog/security/2023-10-10-glibc-update.md b/changelog/security/2023-10-10-glibc-update.md
new file mode 100644
index 0000000000..8a1cc4cc62
--- /dev/null
+++ b/changelog/security/2023-10-10-glibc-update.md
@@ -0,0 +1 @@
+- glibc ([CVE-2023-4911](https://nvd.nist.gov/vuln/detail/CVE-2023-4911))
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/Manifest
index 8ec8777855..4ae3c2dbb3 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/Manifest
+++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/Manifest
@@ -1,4 +1,4 @@
 DIST gcc-multilib-bootstrap-20201208.tar.xz 5528452 BLAKE2B 16699a6e4df5b2f28a21776ae9e3728b26a9ea251f5580aa5349545ad7c9f6145b9cb6a12ca8f5f96b9cb2a3c70b7e66ca702e4c6f083ac00408e0a20a69e613 SHA512 a243f505e17d0a7e144e8713c077582412f61d6cf7f79baa846de4fb77f5e0f27e11c9a785e14624e04ac52287b32164e7995323aa11caef59113ac438254347
-DIST glibc-2.37-patches-7.tar.xz 67408 BLAKE2B 0ac88c420020f32a2447a6cd8e931c95cf9438003b504ee69c5f4af551e060dd49919367d1554d99ed7dad331116e57dde8ce94975f1d1920141c13a16666236 SHA512 0de4ac41eff88f23a1b2d824219356443d79ecf1a08139028bba40a12b730df0f7df84d660b366ecd0a1801f708eff070bc121ab04cdad87a9498802b1c174c0
+DIST glibc-2.37-patches-10.tar.xz 72768 BLAKE2B 20501519a570a5d277a3c1460373edea4131602b07037a81d855f1dcbc5b8d40fa6edae500a9f30e9541389dc1b4a7406cbee8e8a85a3131932e23f807e1b211 SHA512 f1e3791befa98ec5a83c919f6563c4c0c9e7bb2bf53bd0adf9235344d914a8d127f2da595a6850fd75b6828a81914241f8964bf004070888fbc77795f0f727cc
 DIST glibc-2.37.tar.xz 18674604 BLAKE2B 8139cd977b2ed3bfdbde5ffb1cda8f759763dbb83071167272fef798cfbdc0d17cfd1ec893d126c52c91511b7961f3ad12eed34534b99412dfa04a1cdd5b4ea3 SHA512 4fc5932f206bb1b8b54828a28af1a681616b838bbab60c81c82155f3629cbfe1301d271af65511ed917f4c6949a025429221fe6035753282f15346919f15b90c
 DIST glibc-systemd-20210729.tar.gz 1480 BLAKE2B 37722c7579df782d890e44dbab99c3de52ab466eb9de80d82405e9bb5620bf39ffc8c5f466a435bdb86ef6d36dd7019c0736573916bda6c67d02a2581e0ec979 SHA512 efd75af58b50522c28cdac7abd1fc56555bc1bb042512c90d8340c1ec09c5791b3872a305bf83723252bbde5855b75d958c041083457765c4cfd170732d09238
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.37-r5.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.37-r7.ebuild
similarity index 99%
rename from sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.37-r5.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.37-r7.ebuild
index f071bac3b4..63769cfee4 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.37-r5.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.37-r7.ebuild
@@ -20,7 +20,7 @@ SLOT="2.2"
 EMULTILIB_PKG="true"
 
 # Gentoo patchset (ignored for live ebuilds)
-PATCH_VER=7
+PATCH_VER=10
 PATCH_DEV=dilfridge
 
 # gcc mulitilib bootstrap files version
@@ -39,7 +39,7 @@ MIN_PAX_UTILS_VER="1.3.3"
 if [[ ${PV} == 9999* ]]; then
 	inherit git-r3
 else
-	KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+	KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86"
 	SRC_URI="mirror://gnu/glibc/${P}.tar.xz"
 	SRC_URI+=" https://dev.gentoo.org/~${PATCH_DEV}/distfiles/${P}-patches-${PATCH_VER}.tar.xz"
 fi