Any flaw is unacceptable, but to my untrained eye, this one doesn't look very serious.
As Eric points out, the hacker must already have shell access on the machine.
If I'm reading things correctly [1], this is how it works...
As with every exploit, the hacker wants to escalate his privileges to those of the 'root' (administrator) user.
To do that, he needs access to the 'su' (superuser) program, or to another executable with its setuid bit set to root.
He runs that program, and using his 'sploit, he modifies the process memory and spawns his own process to gain a root shell. That's quite a lot of requirements.
I just noticed that Ubuntu 11.10 has automatically installed a new kernel. Was that to roll out the patch for this?
The machine was running this:
Linux core2quad 3.0.0-12-generic #20-Ubuntu SMP Fri Oct 7 14:56:25 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux
Now it's running this:
Linux core2quad 3.0.0-15-generic #26-Ubuntu SMP Fri Jan 20 17:23:00 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
[1] http://blog.zx2c4.com/749