0.16.3 was announced a few days ago, but if you're running a node and haven't already updated, then you really must do so as soon as possible. The bug fixed in 0.16.3 is more severe than was previously made public. You can download 0.16.3 from bitcoin.org or bitcoincore.org or via BitTorrent, and as always, make sure that you verify the download.
If you only occasionally run Bitcoin Core, then it's not necessary to run out and upgrade it right this second. However, you should upgrade it before you next run it.
Stored funds are not at risk, and never were at risk. Even if the bug had been exploited to its full extent, the theoretical damage to stored funds would have been rolled back, exactly as it was in the value overflow incident. However, there is currently a small risk of a chainsplit. In a chainsplit, transactions could be reversed long after they are fully confirmed. Therefore, for the next week or so you should consider there to be a small possibility of any transaction with less than 200 confirmations being reversed.
Summary of action items:
- You should not run any version of Bitcoin Core other than 0.16.3. Older versions should not exist on the network. If you know anyone who is running an older version, tell them to upgrade it ASAP.
- That said, it's not necessary to immediately upgrade older versions if they are currently shut down. Cold-storage wallets are safe.
- For the next ~week, consider transactions with fewer than 200 confirmations to have a low probability of being reversed (whereas usually there would be essentially zero probability of them being reversed).
- Watch for further news. If a chainsplit happens, action may be required.