Fedora 44 PostgreSQL Anonymizer Faces Serious DoS and PII Issues
fedora
March 7, 2026
Updated to newest version fixing CVEs found in the previous one
Summary
PostgreSQL Anonymizer is an extension to mask or replace
personally identifiable information (PII) or commercially sensitive data from
a PostgreSQL database.
The project has a declarative approach of anonymization. This means you can
declare the masking rules using the PostgreSQL Data Definition Language (DDL)
and specify your anonymization policy inside the table definition itself.
Update Information:
Updated to newest version fixing CVEs found in the previous one
Topics Covered
Change Log
* Wed Feb 18 2026 Petr Khartskhaev
References
[ 1 ] Bug #2438041 - CVE-2026-25727 postgresql16-anonymizer: time affected by a stack exhaustion denial of service attack [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2438041
[ 2 ] Bug #2439079 - CVE-2026-2361 postgresql16-anonymizer: Improper search_path protection in PostgreSQL Anonymizer 2.5 allows any user with create privilege to gain superuser privileges [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2439079
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-1ace5758de' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Name: postgresql16-anonymizer
Product: Fedora 44
Version: 3.0.5
Release: 2.fc44
Summary: Mask or replace personally identifiable information (PII) or sensitive data
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!