Open source VPN software providers OpenVPN released an update Monday that patches a critical denial-of-service vulnerability.