Updated version of the check

2024-6387/check.yml

@@ -38,14 +38,33 @@
     - debug:
         msg: "{{ openssh_version }}"
 
-    - name: Check if OpenSSH version is affected by CVE-2024-6387
+    - name: "Parse OpenSSH server version"
+      set_fact:
+        openssh_version_number: "{% set ver_num = openssh_version.split('p')[0] | int %}"
+
+    - debug:
+        msg: "{{ openssh_version_number }}"
+
+    - name: "Parse OpenSSH server version"
+      set_fact:
+        openssh_version_suffix: "{% set ver_suffix = openssh_version.split('p')[1] | int %}"
+      when: openssh_version | regex_search('p\d+$')
+
+    - name: "Some task that defines openssh_version_suffix (if needed)"
+      set_fact:
+        openssh_version_suffix: "p0"
+      when: openssh_version_suffix is undefined
+
+    - debug:
+        msg: "{{ openssh_version_suffix }}"
+
+    - name: "Check if OpenSSH version is affected by CVE-2024-6387"
       set_fact:
         is_vulnerable: >
           {% set ver_num = openssh_version.split('p')[0] | int %}
-          {% set ver_suffix = openssh_version.split('p')[1] | int %}
           {% if openssh_version in affected_versions or
-                (ver_num < min_safe_version.split('p')[0] | int) or
+                  (ver_num < min_safe_version.split('p')[0] | int) or
-                (ver_num == min_safe_version.split('p')[0] | int and ver_suffix < min_safe_version.split('p')[1] | int) %}
+                  (ver_num == min_safe_version.split('p')[0] | int and ver_suffix < min_safe_version.split('p')[1] | int) %}
             true
           {% else %}
             false
@@ -55,3 +74,7 @@
       debug:
         msg: >
           OpenSSH version {{ openssh_version }} is {% if is_vulnerable %} ## vulnerable ## {% else %} not vulnerable {% endif %} to CVE-2024-6387.
+
+    - fail: 
+        msg: "The server openssh version is vulnerable to CVE-2024-6387!!!"
+      when: is_vulnerable