Debian has issued an advisory today (November 5):
The issue is fixed upstream in 0.19.0.
Mageia 7 is also affected.
Fixed both Cauldron and mga7!
Updated sddm package fixes security vulnerability:
Fabian Vogt discovered a flaw in sddm before 0.19.0. A local attacker can take
advantage of a race condition when creating the Xauthority file to escalate
Updated packages in core/updates_testing:
Testing this on M7 Plasma x86_64 and Cauldron.
Package updated successfully.
Reboot get proper X GUI to log in.
Plasma X session is OK.
Advisory pushed to SVN.
An update for this issue has been pushed to the Mageia Updates repository.