A pretty big vulnerability in the OpenSSL package has been published yesterday.
The official advisory is CVE-2014-0160 but you can read more about it at Heartbleed.com.
An exploitation of this bug could lead to exposing your SSL private keys so yeah, you should be patching right away.
If you are running a web server such as apache or nginx or any other service that uses OpenSSL this is relevant for you.
btw, SSL termination on AWS load balancers also uses this package, but you will have to wait for Amazon to patch it up.