The new versions of DotNetNuke,3.3.4 & 4.3.4, have just been released. As well as fixing a number of issues (check the roadmap for details), two security problems were fixed. We've released security bulletins for both these items that detail the problems, as well as the DotNetNuke versions affected. You can find links to both bulletins as well as the security policy itself here .
The first of the bulletins, DNN 2006-1-M, was actually fixed for 3.3.3/4.3.3 (the report came in very close to the release date). We held off releasing the bulletin for a few hours, whilst we investigated what previous versions of DotNetNuke were impacted, so we could see if it was possible to backport the fix (the issue is really a freetextbox issue, and has existed for some time). During this period, a second issue (DNN 2006-2-C) was sent in, which was a much more serious issue. Due to how close apart the issues were, and the relative difficulties in exploiting the first, the decision was made to wait until the second issue was fixed, to avoid a situation where users would have two upgrades only a few days apart.
I recommend you read both of them, and see if you need to take any action to update your portal(s).