A critical unauthenticated Remote Code Execution (RCE) vulnerability has been discovered, impacting all GNU/Linux systems. It has been under the system's bonnet for ten years.
Despite the severity of the issue, no Common Vulnerabilities and Exposures (CVE) identifiers have been assigned yet, although experts suggest there should be at least three to six.
This is because, while leading Linux distributors such as Canonical and RedHat have confirmed the flaw's severity, rating it 9.9 out of 10, developers are embroiled in debates over whether some aspects of the vulnerability impact security.
While everyone knows that the flaw has the potential for catastrophic damage if exploited no working fix is still available.
Apparently, rather than admitting that Linux might have security issues like any software, the Linux geeks can’t accept it. Instead of fixing it, there is concern that if such a terrible security flaw exists, it is a terrible PR for the Linux and Open Source community and should not be mentioned in polite company.
In short, open saucers are in the same position as the period in Windows' history and the current stage in Apple’s history, when security flaws were kept secret rather than fixed because of PR issues.