On 10/18/11 09:37, Pandu Poluan wrote:
>> Every Xen VM is running its own kernel and needs to be restarted or
>> kexec'ed when this kernel is updated. If this is not the case, the VM is
>> vulnerable to kernel bugs just as any other physical system, even if the
>> host on which the VM is running is secure.
>> I assume BIND is updated and restarted as needed, but that is not enough.
>
> Does it matter if the DNS server is behind a firewall that allows only
> TCP+UDP traffic to port 53?
>
> Rgds,
>

Maybe, depending on the vulnerability.