On 10/18/11 09:37, Pandu Poluan wrote:
>> Every Xen VM is running its own kernel and needs to be restarted or
>> kexec'ed when this kernel is updated. If this is not the case, the VM is
>> vulnerable to kernel bugs just as any other physical system, even if the
>> host on which the VM is running is secure.
>> I assume BIND is updated and restarted as needed, but that is not enough.
>
> Does it matter if the DNS server is behind a firewall that allows only
> TCP+UDP traffic to port 53?
>
> Rgds,
>

Maybe, depending on the vulnerability.