diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
index 103e8fd534..0c0d90abff 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
@@ -81,6 +81,9 @@
 =sys-libs/libsemanage-3.1-r2 ~arm64
 =sys-libs/libsepol-3.1 ~arm64
 
+# Needed to fix CVE-2023-29491.
+=sys-libs/ncurses-6.4_p20230527 ~amd64 ~arm64
+
 # A dependency of app-shells/bash version that we need for security
 # fixes.
 =sys-libs/readline-8.2_p1 ~amd64 ~arm64
diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.unmask b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.unmask
index 9ac55e2060..daa49a7cce 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.unmask
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.unmask
@@ -1,3 +1,8 @@
+# Overwrite portage-stable mask. The regressions that this version of
+# ncurses caused are in Gentoo packages that we don't have in
+# Flatcar. And we need it for a security fix.
+=sys-libs/ncurses-6.4_p20230527
+
 # Overwrite portage-stable mask. We are delaying the transition to
 # libxcrypt, because we need to figure out how to solve the dep loop
 # that results from the migration (python -> virtual/libcrypt ->