neutron is vulnerable to bypass of security rules. The vulnerability exists because it does not prevent addition of invalid rules in the iptables firewall module, such as setting a destination port for Virtual Router Redundancy Protocol (VRRP), resulting in an error that prevents computation of subsequent security rules.
www.openwall.com/lists/oss-security/2019/03/18/2
www.securityfocus.com/bid/107390
access.redhat.com/errata/RHSA-2019:0879
access.redhat.com/errata/RHSA-2019:0916
access.redhat.com/errata/RHSA-2019:0935
git.openstack.org/cgit/openstack/neutron/commit/?id=8c213e45902e21d2fe00639ef7d92b35304bde82
launchpad.net/bugs/1818385
seclists.org/bugtraq/2019/Mar/24
security.openstack.org/ossa/OSSA-2019-001.html
usn.ubuntu.com/4036-1/
www.debian.org/security/2019/dsa-4409