PT-2019-10455 · Systemd+1 · Systemd+1

Published: 2019-10-30 · Updated: 2024-08-05 · CVE-2018-21029

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

systemd versions 239 through 245

Description

The issue concerns the acceptance of any certificate signed by a trusted certificate authority for DNS Over TLS, without sending Server Name Indication (SNI) and without hostname validation when using the GnuTLS backend. It has been disputed by the developer as not being a vulnerability, arguing that hostname validation is not relevant in this context.

Recommendations

For versions 239 through 245, consider restricting the use of DNS Over TLS with the GnuTLS backend until a resolution is determined, as the developer dispute may indicate a need for further review or clarification on the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration

Improper Certificate Validation

Related Identifiers

ALT-PU-2019-3220
ALT-PU-2021-1673
ALT-PU-2021-1950
CVE-2018-21029
OPENSUSE-SU-2024:11420-1

Affected Products

Alt Linux
Systemd