systemd 239 through 243 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent, and there is no hostname validation with the GnuTLS backend. CREATE(Triage):(User=admin) [CVE-2018-21029|https://nvd.nist.gov/vuln/detail/CVE-2018-21029]