"Could not create socket" with apt update when update libc6 to 2.35-0ubuntu3.5 and using nscd

Bug #2047155 reported by kmytthmm2233
This bug affects 2 people
Affects: glibc (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Camila Camargo de Matos

Bug Description

1) lsb_release -rd
Description: Ubuntu 22.04.3 LTS
Release: 22.04

2) apt-cache policy libc6
libc6:
  Installed: 2.35-0ubuntu3.5
  Candidate: 2.35-0ubuntu3.5
  Version table:
 *** 2.35-0ubuntu3.5 500
        500 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages
        500 http://archive.ubuntu.com/ubuntu jammy-security/main amd64 Packages
        100 /var/lib/dpkg/status
     2.35-0ubuntu3 500
        500 http://archive.ubuntu.com/ubuntu jammy/main amd64 Packages

3) apt-get update or apt update completes successfully.

4) A socket could not be created and the command failed.
The error messages are as follows.

$ sudo apt update
Ign:1 http://archive.ubuntu.com/ubuntu jammy InRelease
Ign:2 http://archive.ubuntu.com/ubuntu jammy-updates InRelease
Ign:3 http://archive.ubuntu.com/ubuntu jammy-backports InRelease
Ign:4 http://archive.ubuntu.com/ubuntu jammy-security InRelease
Err:5 http://archive.ubuntu.com/ubuntu jammy Release
  Could not create a socket for (f=0 t=1 p=6) - socket (97: Address family not supported by protocol) Could not create a socket for (f=0 t=1 p=6) - socket (97: Address family not supported by protocol) Could not create a socket for (f=0 t=1 p=6) - socket (97: Address family not supported by protocol) Could not create a socket for (f=0 t=1 p=6) - socket (97: Address family not supported by protocol) Could not create a socket for (f=0 t=1 p=6) - socket (97: Address family not supported by protocol)
Err:6 http://archive.ubuntu.com/ubuntu jammy-updates Release
  Could not create a socket for (f=0 t=1 p=6) - socket (97: Address family not supported by protocol) Could not create a socket for (f=0 t=1 p=6) - socket (97: Address family not supported by protocol) Could not create a socket for (f=0 t=1 p=6) - socket (97: Address family not supported by protocol) Could not create a socket for (f=0 t=1 p=6) - socket (97: Address family not supported by protocol) Could not create a socket for (f=0 t=1 p=6) - socket (97: Address family not supported by protocol)
Err:7 http://archive.ubuntu.com/ubuntu jammy-backports Release
  Could not create a socket for (f=0 t=1 p=6) - socket (97: Address family not supported by protocol) Could not create a socket for (f=0 t=1 p=6) - socket (97: Address family not supported by protocol) Could not create a socket for (f=0 t=1 p=6) - socket (97: Address family not supported by protocol) Could not create a socket for (f=0 t=1 p=6) - socket (97: Address family not supported by protocol) Could not create a socket for (f=0 t=1 p=6) - socket (97: Address family not supported by protocol)
Err:8 http://archive.ubuntu.com/ubuntu jammy-security Release
  Could not create a socket for (f=0 t=1 p=6) - socket (97: Address family not supported by protocol) Could not create a socket for (f=0 t=1 p=6) - socket (97: Address family not supported by protocol) Could not create a socket for (f=0 t=1 p=6) - socket (97: Address family not supported by protocol) Could not create a socket for (f=0 t=1 p=6) - socket (97: Address family not supported by protocol) Could not create a socket for (f=0 t=1 p=6) - socket (97: Address family not supported by protocol)
Reading package lists... Done
E: The repository 'http://archive.ubuntu.com/ubuntu jammy Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: The repository 'http://archive.ubuntu.com/ubuntu jammy-updates Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: The repository 'http://archive.ubuntu.com/ubuntu jammy-backports Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: The repository 'http://archive.ubuntu.com/ubuntu jammy-security Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

To reproduce
* Install OS
* Have only an IPv6 interface
* Install nscd
* Upgrade libc6 to 2.35-0ubuntu3.5

James Dingwall (a-james-launchpad) wrote (last edit ):

I believe I have encountered a related problem which has broken my freeradius setup. With nscd running:

# sudo -u freerad -g freerad strace -ff -o /tmp/log /usr/sbin/freeradius $FREERADIUS_OPTIONS -X -Cx -lstdout
...
Mon Jan 1 17:39:32 2024 : Error: /etc/freeradius/3.0/clients.conf[297]: Failed parsing configuration item "ipv6addr" - ip_hton failed to find requested information for host ap1.example.com
Mon Jan 1 17:39:32 2024 : Error: /etc/freeradius/3.0/clients.conf[297]: Error parsing client section

After stopping nscd, the configuration check passes without error and the service starts. The freeradius client is defined:

client ap1.example.com_6 {
        ipv6addr = ap1.example.com
        secret = sharedsecret
}

# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 22.04.3 LTS
Release: 22.04
Codename: jammy

# apt-cache policy nscd
nscd:
  Installed: 2.35-0ubuntu3.5
  Candidate: 2.35-0ubuntu3.5
  Version table:
 *** 2.35-0ubuntu3.5 500
        500 http://gb.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 Packages
        500 http://security.ubuntu.com/ubuntu jammy-security/universe amd64 Packages
        100 /var/lib/dpkg/status
     2.35-0ubuntu3 500
        500 http://gb.archive.ubuntu.com/ubuntu jammy/universe amd64 Packages

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in glibc (Ubuntu):
status: New → Confirmed

James Dingwall (a-james-launchpad) wrote :

Here is a short test program which demonstrates behaviour with/without nscd:

#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <arpa/inet.h>

/* Usage: ./a.out <4|6|0> <hostname>
   4 = AF_INET, 6 = AF_INET6, anything else = AF_UNSPEC. */
int main(int argc, char *argv[])
{
    struct addrinfo hints;
    struct addrinfo *rp, *result;
    struct sockaddr *sa;
    int rc;
    char s[INET6_ADDRSTRLEN];
    size_t slen = sizeof(s);

    /* Both arguments are required; argv[1] and argv[2] are read below. */
    if (argc < 3) {
        fprintf(stderr, "usage: %s <4|6|0> <hostname>\n", argv[0]);
        exit(EXIT_FAILURE);
    }

    memset(&hints, 0, sizeof(hints));

    /* Select the address family to request from the resolver. */
    switch(atoi(argv[1])) {
    case 4:
        hints.ai_family = AF_INET;
        break;
    case 6:
        hints.ai_family = AF_INET6;
        break;
    default:
        hints.ai_family = AF_UNSPEC;
        break;
    }

    rc = getaddrinfo(argv[2], NULL, &hints, &result);
    if(rc) {
        fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(rc));
        exit(EXIT_FAILURE);
    }

    /* Print every returned address together with the family it claims. */
    for (rp = result; rp != NULL; rp = rp->ai_next) {
        sa = rp->ai_addr;
        switch(sa->sa_family) {
             case AF_INET:
                 inet_ntop(AF_INET, &(((struct sockaddr_in *)sa)->sin_addr), s, slen);
                 fprintf(stderr, "result (IPv4): %s\n", s);
                 break;
             case AF_INET6:
                 inet_ntop(AF_INET6, &(((struct sockaddr_in6 *)sa)->sin6_addr), s, slen);
                 fprintf(stderr, "result (IPv6): %s\n", s);
                 break;
             default:
                 /* A family that is neither IPv4 nor IPv6 was returned. */
                 fprintf(stderr, "Unknown AF: %d\n", sa->sa_family);
                 break;
        }
    }

    freeaddrinfo(result);
    return 0;
}

nscd running:

$ ./a.out 0 ap1.example.com
result (IPv6): x:x:x:x::x:c
result (IPv6): x:x:x:x::x:c
result (IPv6): x:x:x:x::x:c
result (IPv4): x.x.x.12
result (IPv4): x.x.x.12
result (IPv4): x.x.x.12
$ ./a.out 4 ap1.example.com
result (IPv4): x.x.x.12
result (IPv4): x.x.x.12
result (IPv4): x.x.x.12
$ ./a.out 6 ap1.example.com
Unknown AF: 0
Unknown AF: 0
Unknown AF: 0

nscd not running:

$ ./a.out 0 ap1.example.com
result (IPv6): x:x:x:x::x:c
result (IPv6): x:x:x:x::x:c
result (IPv6): x:x:x:x::x:c
result (IPv4): x.x.x.12
result (IPv4): x.x.x.12
result (IPv4): x.x.x.12
$ ./a.out 4 ap1.example.com
result (IPv4): x.x.x.12
result (IPv4): x.x.x.12
result (IPv4): x.x.x.12
$ ./a.out 6 ap1.example.com
result (IPv6): x:x:x:x::x:c
result (IPv6): x:x:x:x::x:c
result (IPv6): x:x:x:x::x:c

Simon Chopin (schopin) wrote :

Marking as Public Security since this seems related to the glibc security update.

information type: Public → Public Security

Simon Chopin (schopin) wrote :

I can't reproduce this using launchpad.net, but I'm also noticing that the results don't come in the same order, as ./a.out 0 launchpad.net shows me the IPv4 first.

Changed in glibc (Ubuntu):
assignee: nobody → Camila Camargo de Matos (ccdm94)

Camila Camargo de Matos (ccdm94) wrote :

I was able to reproduce this in jammy. I will investigate more to try to understand the cause of the issue, and how the security update might have affected nscd.

Camila Camargo de Matos (ccdm94) wrote (last edit ):

After some investigation and testing, I was able to verify that the last jammy security update, which included, together with the actual CVE patches, various refactoring commits, was missing some of these said refactoring commits (some of which also included bug fixes along with the refactoring), including one commit which was related to a bug that was occurring in nscd. I will start working on a new version of this package that will include said missing commits.

Changed in glibc (Ubuntu):
status: Confirmed → In Progress

Camila Camargo de Matos (ccdm94) wrote (last edit ):

I have prepared an update to fix this issue, and intend to publish it as soon as the new package has gone through our QA process (to guarantee no other regressions are introduced). The new package version has so far been tested with the previously provided test program and according to results and other tests, it seems like the issue is resolved.

Meanwhile, if possible, please test it to make sure the new version resolves the issues in your environment, and comment in this bug with any results/feedback.

The updated package can be found in the following PPA:
https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/
(glibc - 2.35-0ubuntu3.6 is the new version)

kmytthmm2233 (kmytthmm2233) wrote :

Thanks Camila, this issue is gone with the PPA package (2.35-0ubuntu3.6) in my environment.

Camila Camargo de Matos (ccdm94) wrote :

Thank you for the feedback! Testing for this new version of the package is still ongoing. Once it is confirmed that no other regressions/issues are introduced, it will be published to the security pocket.

James Dingwall (a-james-launchpad) wrote :

Thanks, this also resolves the problem I was experiencing with the freeradius startup.

Camila Camargo de Matos (ccdm94) wrote :

Thank you for the feedback, James!

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package glibc - 2.35-0ubuntu3.6

---------------
glibc (2.35-0ubuntu3.6) jammy-security; urgency=medium

  * SECURITY REGRESSION: incorrect processing of address family with nscd
    (LP: #2047155)
    - debian/patches/lp2047155/lp2047155-refactor-bits-for-readability.patch:
      split out line processing for 'label', 'precedence' and 'scopev4' into
      separate functions (gaiconf_inet).
    - debian/patches/lp2047155/lp2047155-avoid-if-to-else-jump.patch: clean up
      another antipattern where code flows from an if condition to its else
      counterpart with a goto (gai_init).
    - debian/patches/lp2047155/lp2047155-refactor-code-for-readability.patch:
      refactor the code and make it easier to follow by removing the confusing
      close_retry goto jump (getaddrinfo).
    - debian/patches/lp2047155/
      lp2047155-get-nscd-addresses-fix-subscript-typos.patch: fix the
      subscript on air->family, which was accidentally set to 'count' when it
      should have remained as 'i' (get_nscd_addresses).
    - CVE-2023-4806

 -- Camila Camargo de Matos <email address hidden> Tue, 02 Jan 2024 10:22:42 -0300

Changed in glibc (Ubuntu):
status: In Progress → Fix Released
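
A constructed model of the subscript mix-up named in the changelog above, added here as an illustration; it is not glibc source and not part of the original report. The struct and function names are hypothetical, and the loop shape (cached entries filtered into a zero-initialised output array) is an assumption. With an IPv4 entry cached ahead of the IPv6 one, the mis-indexed guard leaves the AF_INET6 result with family 0, the value seen in "Unknown AF: 0" and in apt's "f=0".

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical stand-ins for a cached answer and the output tuples. */
struct cached { int naddrs; int family[4]; };
struct tuple  { int family; };

/* Copy the entries of `c` that match `want` into the zeroed array `out`.
   buggy != 0 indexes the source with the output counter `count`
   instead of the loop index `i` (the mix-up the changelog describes). */
static int filter(const struct cached *c, int want, struct tuple *out, int buggy)
{
    int count = 0;
    for (int i = 0; i < c->naddrs; ++i) {
        if (want != AF_UNSPEC && c->family[i] != want)
            continue;                     /* skip a non-matching entry */
        int src = buggy ? count : i;      /* the one-subscript difference */
        if (want == AF_UNSPEC || c->family[src] == want)
            out[count].family = c->family[src];
        /* otherwise the slot is counted but never filled: family stays 0 */
        count++;
    }
    return count;
}

/* Family of the first tuple produced for `want`, using a constructed
   cache that holds one IPv4 entry followed by one IPv6 entry. */
int first_family(int want, int buggy)
{
    const struct cached c = { 2, { AF_INET, AF_INET6 } };
    struct tuple out[4];
    memset(out, 0, sizeof out);
    return filter(&c, want, out, buggy) > 0 ? out[0].family : -1;
}

int main(void)
{
    printf("AF_INET6 request, buggy subscript: family=%d\n", first_family(AF_INET6, 1));
    printf("AF_INET6 request, fixed subscript: family=%d\n", first_family(AF_INET6, 0));
    printf("AF_INET  request, buggy subscript: family=%d\n", first_family(AF_INET, 1));
    return 0;
}
```

In this model AF_INET and AF_UNSPEC requests are unaffected, which matches the test program output earlier in the thread where only the AF_INET6 lookup fails with nscd running.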