Update to latest upstream OpenVPN 2.4.9 release. It contains a security fix for CVE-2020-11810.
This security issue is quite hard to abuse, requiring a fairly precise timing attack combined with guessing a just assigned peer-id reference. If successful, only a single client just initiating a new connection will experience a denial of service situation. This wi why the severity is rated low.
Please login to add feedback.