Ubuntu has issued an advisory on May 4:
The issue is fixed upstream in 2.5.2.
Mageia 7 and Mageia 8 are also affected.
Fixed upstream in 2.5.2Whiteboard:
Unsure who to give this to, so assigning it globally. CC'd Joseph (who has done all the most recent updates), and Bruno (registered maintainer).
Fedora has issued an advisory for this on April 24:
The issue is also fixed in 2.4.11.
The updated packages fix a security vulnerability:
OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks. (CVE-2020-15078)
Updated packages in 7/core/updates_testing:
Updated packages in 8/core/updates_testing:
MGA8TOO, MGA7TOO =>
Fixed upstream in 2.5.2 =>
MGA-64 - xfce - phys hardware
The following 4 packages are going to be installed:
went through MCC and did some configuration then modified netconfig.
Seems to be functional from my perspective.