This just came out:
Basically, 9.9/10 severity is a nightmare. RCE means people can execute code on your machine remotely, and 9.9/10 probably means root permissions. This is as bad as it gets. Even worse, the security analyst reporting this says the developers were not interested in fixing it and instead spent time explaining why their code is great and he’s stupid, which is absolutely typical for Linux people.
Canonical and Red Hat confirm the vulnerability and its severity rating.
So, when Linux people tell you Linux is better than Windows and Mac, and everybody should switch to it, just keep in mind that an open source project was just caught with its pants down, having a 9.9/10 severity remote code execution bug FOR A DECADE without anyone noticing until now.
Edit: It turned out it’s not super terrible. The vulnerability is in CUPS, and the machine needs to be connected to the Internet without a firewall in order for the attack to work, which is not a normal condition. However, the CUPS code has more holes than Emmentaler cheese, and uninstalling cups-browsed is recommended.