As of this writing, WordPress version 2.8.4 is the most current release. It was produced in August 2009 to fix a security hole. Versions prior to 2.8.4 are subject to a problem where an attacker sends a request for a specially crafted URL to your blog, which bypasses a security check on password resets. This could allow someone to reset your admin password. It would not send the password to the attacker, but it is definitely annoying.

How do I tell if I need to update?

Log in to the admin page of your WordPress site.  Click the Dashboard button, and you should see a statement which says, “You are using WordPress x.y.z”.  If x.y.z is anything less than 2.8.4 you need to update ASAP.