Curl version 7.59.0 fixes three vulnerabilities [1].
No action required for Airlock WAF
Details:
CVE-2018-1000122: RTSP RTP buffer over-read. Not relevant for Airlock WAF because RTSP is not used.
CVE-2018-1000005: LDAP NULL pointer dereference. Not relevant for Airlock WAF because LDAP is not used.
CVE-2018-1000120: FTP path trickery leads to NIL byte out of bounds write. FTP in curl can be used to fetch CRLs on Airlock WAF [2]. The vulnerability is not relevant for Airlock WAF because the affected parameter "--ftp-method singlecwd" is not used.