A new OpenSSL vulnerability is out this week, which can be used to reveal memory to a connected client or server. Tor uses OpenSSL so all Tor users (clients, relays, etc) are potentially affected.

You can read many more details about the Tor impact on our blog post: https://blog.torproject.org/blog/openssl-bug-cve-2014-0160

We have released an updated Tor Browser Bundle: https://blog.torproject.org/blog/tor-browser-354-released

--Roger