Amazon Linux AMI Security Advisory: ALAS-2016-750
Advisory Release Date: 2016-09-27 10:30 Pacific
Ciphers with 64-bit block sizes used in CBC mode were found to be vulnerable to a birthday attack when key renegotiation doesn't happen frequently or at all in long running connections. The blowfish cipher as used in OpenVPN by default is vulnerable to this attack, allowing a remote attacker to recover partial plaintext information (XOR of two plaintext blocks).
Run yum update openvpn to update your system.