OpenSSL 1.0.2p fixes two vulnerabilities [1]
Airlock WAF is not affected
Details:
CVE-2018-0737: Cache timing vulnerability in RSA Key Generation. Not relevant for Airlock WAF because RSA keys are usually not generated on Airlock WAF or if they are, attackers can not mount cache timing attacks in this environment (shell access only for trusted user).
CVE-2018-0732: Client DoS due to large DH parameter. Airlock WAF uses OpenSSL as server library to handle external TLS connections as well as client library for back-end HTTPS connections, ICAPS, OCSP, CRL Update, etc. The vulnerability is not relevant for the server part because it only affects clients. For the client part all peers are trusted and the risk of successful DoS attack is negligible.
No action required.