| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
On 10/18/11 09:37, Pandu Poluan wrote: |
| 5 |
>> Every Xen VM is running its own kernel and needs to be restarted or |
| 6 |
>> kexec'ed when this kernel is updated. If this is not the case, the VM is |
| 7 |
>> vulnerable to kernel bugs just as any other physical system, even if the |
| 8 |
>> host on which the VM is running is secure. |
| 9 |
>> I assume BIND is updated and restarted as needed, but that is not enough. |
| 10 |
> |
| 11 |
> Does it matter if the DNS server is behind a firewall that allows only |
| 12 |
> TCP+UDP traffic to port 53? |
| 13 |
> |
| 14 |
> Rgds, |
| 15 |
> |
| 16 |
|
| 17 |
Maybe, depending on the vulnerability. |
| 18 |
|
| 19 |
-----BEGIN PGP SIGNATURE----- |
| 20 |
Version: GnuPG v2.0.17 (GNU/Linux) |
| 21 |
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ |
| 22 |
|
| 23 |
iQEcBAEBAgAGBQJOnUwWAAoJEMCA6frkLT6zBcIIAIs1bYzO5dqt0riYWcgld7Y1 |
| 24 |
GNv6MoXu0QhEA8HP4sNvpV932pebuc8U1vHaVLvRpb36HJEifj9MOtBLCdJR/Ne/ |
| 25 |
ZPelAHforaSSqePJF44yhg1dPhWe13IUyZCMEjZwNqlhXVR36y8wvkotE0Af7ddc |
| 26 |
5SNYyJnjl2nY9DzgsEiT+IEu7c0fvry35sqqv7rEZ8hGwnZZbH8k76RrLtmt7RQs |
| 27 |
gg+oWX2IwGyjjw42Y83dHdDaaP07vAUStCr//rYsFVo1TrPZEm5pBzdHM+8iDbho |
| 28 |
YBKSW0G2I40QXgOqFBh77oH24J8+ETAK9ugMry15GldS/SCGGjIoHmwGWnoHN/Y= |
| 29 |
=Fl/M |
| 30 |
-----END PGP SIGNATURE----- |
Archives