Alpine: curl: security update to 7.53.0

medium Tenable Cloud Security Plugin ID 403968

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- curl before 7.53.0 has an incorrect TLS Certificate Status Request extension feature that asks for a fresh
proof of the server's certificate's validity in the code that checks for a test success or failure. It
ends up always thinking there's valid proof, even when there is none or if the server doesn't support the
TLS extension in question. This could lead to users not detecting when a server's certificate goes invalid
or otherwise be mislead that the server is in a better shape than it is in reality. This flaw also exists
in the command line tool (--cert-status). (CVE-2017-2629)

See Also

https://security.alpinelinux.org/vuln/CVE-2017-2629

Plugin Details

Severity: Medium

ID: 403968

Version: Revision 1.25

Type: Local

Published: 10/31/2023

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 3

Percentile: 23.18

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS Score Source: CVE-2017-2629

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2/22/2017

Reference Information

CVE: CVE-2017-2629

BID: 96382