Created attachment 10427 [details]
Screenshot of plasma panel

Issues in quick test on 64 bit, Plasma

a) in tiled desktop mode i moved program windows across screens, and everything froze except for mouse pointer.

Then i switched to a text console (Ctrl-Alt-F2), logged in, and checked journal - but dod not see anything that worried me.  When i switched back desktop worked again, but 

b) the Plasma panel at screen bottom have weird program text and clock. (see attached)



System: my worstation; 4k screen, nvidia proprietary driver.
Using all updates incl updates_testing, incl kernel desktop 4.14.78-1

I think i have seen a) some week ago so it may be an issue unrelated to this update.  But b) i have never seen before.

CC: (none) => fri

Further testing:

I have a bash script that at DE login launches several applications with delay in between.  I also have BOINC eating most of my CPU + GPU.

It seems that if i let all the applications launch before i go to tiled mode and toss them around to different desktops, everything is OK.

But if i go to tiled mode while they are launching, and also launches login popups for mail etc, then display gets frozen except mouse pointer, and  if i shift to text screen Ctrl-Alt-F2 and back quickly now, screen got black + mouse hand pointer, and after some seconds desktop appeared, with a system tray popup something like kwin got restarted due to graphics problems.  And then now it works OK, no text problems like in c 1.

Difference to c 1 is that now i was at text screen only a couple seconds.

In short i think this is not a big problem, but the bog gets trigged by the massive CPU and GPU load in combination with dragging windows between desktops in tiled mode on a 4k screen...

And it may be some other update at least in combination, as this system is fully updated to updates_testing.

I have not seen any other issue in a couple hours time surfing, textedit, video, screengrab.

Debian has issued an advisory for this on October 25:
https://www.debian.org/security/2018/dsa-4328

Advisory, added to svn:

type: security
subject: Updated x11-server packages fix security vulnerability
CVE:
 - CVE-2018-14665
src:
  6:
   core:
     - x11-server-1.19.5-1.2.mga6
description: |
  A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission
  check for -modulepath and -logfile options when starting Xorg. X server
  allows unprivileged users with the ability to log in to the system via
  physical console to escalate their privileges and run arbitrary code under
  root privileges (CVE-2018-14665).
references:
 - https://bugs.mageia.org/show_bug.cgi?id=23757
 - https://www.openwall.com/lists/oss-security/2018/10/25/1

Keywords: (none) => advisory
CC: (none) => tmb

I've confirmed on x86_64 that the current
x11-server-xorg-1.19.5-1.1.mga6 in updates is vulnerable, and that the
upstream fix merged in x11-server-xorg-1.19.5-1.2.mga6 in
updates_testing blocks the exploit.

Physical Hardware
AMD Athlon(tm) II X3 450 Processor
GF108 [GeForce GT 730]

Desktop: Gnome X.org

# uname -a
Linux linux.local 4.14.78-desktop-1.mga6 #1 SMP Sun Oct 21 20:31:12 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux




# urpmi x11-server
Package x11-server-1.19.5-1.2.mga6.x86_64 is already installed

I've been running this a few hours already, seems to be working as designed.

Also took liberty and installed x11-server x11-server-1.19.5-1.2 (even though it wasn't installed before).  Installed without issue

x86_64 working as designed with nvidia and xorg-Gnome.

CC: (none) => brtians1

on mga6-64  plasma

packages installed cleanly:
- x11-server-common-1.19.5-1.2.mga6.x86_64
- x11-server-xorg-1.19.5-1.2.mga6.x86_64
- x11-server-xwayland-1.19.5-1.2.mga6.x86_64

no regressions noted
I do not play games or use plasma's desktop effects

OK for me on mga6-64 on this system:

Graphics:  Card: Intel HD Graphics 530
           Display Server: Mageia X.org 119.5 drivers: v4l,intel Resolution: 1920x1080@60.00hz
           GLX Renderer: Mesa DRI Intel HD Graphics 530 (Skylake GT2) GLX Version: 3.0 Mesa 17.3.9



Updated packages also OK on mga6-64 and mga6-32 vbox clients, both using plasma

CC: (none) => jim

Working ok on my systems. No others have reported problems, so validating.

Whiteboard: (none) => MGA6-64-OK
Keywords: (none) => validated_update
CC: (none) => davidwhodgins, sysadmin-bugs

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0421.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED