Arch bugfix time is usually within 24 hours.

Not a single enterprise distro even reacts within that timeframe. OVAL advisories are weeks, sometimes months later.

As long as you don't have a virtualization approach similar to QubesOS, any linux distro will not fix this problem. Because that's not how separation of concerns works in the POSIX system. You need to have separate users for each and every program to isolate them, and that is practically unfeasible.