WordPress 2.6.2 is out – time to upgrade.

This release includes a workaround related to open registration and using mt_rand() to predict a randomized password. Of note, if you use PHP with the latest Suhosin version, you're already protected from the full exploit. The biggest changes for this release are found in wp-includes/pluggable.php and changes how random values are generated for passwords.
You should still upgrade your WordPress especially if you allow open registration.