SUDO CVE-2025-32462 and CVE-2025-32463

Hey, thanks @shybry747 for this post.

I know vulnerabilities might be nasty, but I’m sure frequently updated distros such as Fedora will have the hotfix soon; I’m guessing 1 week maximum and the development team will release the update.


The only defence we have against these CVEs is keeping the system frequently updated. The problem would be more consistent using Ubuntu or some Debian stable derivatives; in this case package versions are stuck for months. (I just checked: Debian stable is currently using sudo version 1.9.13p3.)


A home user might not know anything about CVEs, so Ubuntu usage will not be a daily problem for him. A professional user, instead, needs to update soon. In the case of Debian stable, to have the latest package version you might claw some critical updates from the sid repository when you hear about something like CVEs.
