The notification happen when the fix was shipped. That people would prefer to been spoon fed only serious security issues is understandable, but not realistic.

A large percentage of kernel fixes have the potential to be similarly bad. For some the potential isn't even realized until after the fix has shipped.

Ever stable release GregKH says you must upgrade now, because there is something security relevant in there. This happens at least once a week.

As for shared hosting providers it is my sense that there is always at least one local privilege escalation available to miscreants. Making shared hosting only safe if there is a certain amount of trust.

I remember bugs that were similarly bad from my university days 30+ years ago. Has anything substantially changed?