WordPress 2.6.2.: This release is in response to a recent warning to developers from Stefan Esser about the dangers of SQL Column Truncation and weaknesses of mt_rand(). The issue at hand that forced the release is discussed in detail on the WordPress.org blog post linked above. Basically the attack is complex, is dependent on open registration being turned on in your blog, but can be executed in theory and turns out to be more of an annoyance than an actual exploit.
If you have open registration on your blog, the WordPress.org team recommends that you upgrade your install to WordPress 2.6.2 A handful of other fixes are also included in this upgrade. Here is a list of changed files.