| skipped 46 lines |
| 47 | 47 | | local sudo |
| 48 | 48 | | local sudo_version |
| 49 | 49 | | local v2 |
| | 50 | + | local package_version |
| | 51 | + | local package_fixed |
| | 52 | + | local distro_release |
| 50 | 53 | | sudo="$(command -v sudo)" |
| 51 | 54 | | if [ -n "$sudo" ]; then |
| 52 | 55 | | vulnerable=true |
| 53 | 56 | | sudo_version="$(sudo --version | head -n1 | cut -d ' ' -f 3)" |
| 54 | 57 | | v2="$(echo "$sudo_version" | cut -d. -f2)" |
| | 58 | + | package_version="$(lse_get_pkg_version sudo)" |
| 55 | 59 | | # only 1.8.2 to 1.8.31p2 is vulnerable |
| 56 | 60 | | if lse_is_version_bigger 1.8.2 "$sudo_version"; then |
| 57 | 61 | | exit 1 |
| skipped 3 lines |
| 61 | 65 | | fi |
| 62 | 66 | | # only 1.9.0 to 1.9.5p1 is vulnerable |
| 63 | 67 | | if lse_is_version_bigger "$sudo_version" 1.9.5p1; then |
| | 68 | + | exit 1 |
| | 69 | + | fi |
| | 70 | + | case "$lse_distro_codename" in |
| | 71 | + | ubuntu) |
| | 72 | + | [ -r "/etc/os-release" ] && distro_release=$(grep -E '^VERSION_CODENAME=' /etc/os-release | cut -f2 -d=) |
| | 73 | + | case "$distro_release" in |
| | 74 | + | precise) |
| | 75 | + | package_fixed="1.8.3p1-1ubuntu3.10" |
| | 76 | + | ;; |
| | 77 | + | trusty) |
| | 78 | + | package_fixed="1.8.9p5-1ubuntu1.5+esm6" |
| | 79 | + | ;; |
| | 80 | + | xenial) |
| | 81 | + | package_fixed="1.8.16-0ubuntu1.10" |
| | 82 | + | ;; |
| | 83 | + | bionic) |
| | 84 | + | package_fixed="1.8.21p2-3ubuntu1.4" |
| | 85 | + | ;; |
| | 86 | + | focal) |
| | 87 | + | package_fixed="1.8.31-1ubuntu1.2" |
| | 88 | + | ;; |
| | 89 | + | groovy) |
| | 90 | + | package_fixed="1.9.1-1ubuntu1.1" |
| | 91 | + | ;; |
| | 92 | + | esac |
| | 93 | + | ;; |
| | 94 | + | esac |
| | 95 | + | if [ -n "$package_fixed" ] && [ -n "$package_version" ] && ! lse_is_version_bigger "$package_fixed" "$package_version"; then |
| 64 | 96 | | exit 1 |
| 65 | 97 | | fi |
| 66 | 98 | | fi |
| skipped 3 lines |
