Apache SpamAssassin before version 3.4.2 is vulnerable to a denial of service in the handling of crafted email. The vulnerability arises with certain unclosed tags in emails that cause markup to be handled incorrectly leading to scan timeouts.
Created spamassassin tracking bugs for this issue:
Affects: fedora-all [bug 1629522]
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2018:2916 https://access.redhat.com/errata/RHSA-2018:2916