Apple has finally gotten around to patching numerous flaws in its OS. Some vulnerabilities depend on specific functionality being enabled, so they probably only apply to more advanced environments (i.e., Server edition or a power user). Either way, since there are so many flaws - patch her up!
-A password management flaw in OpenLDAP. Some OpenLDAP validation schemes allow an attacker to use an encrypted password to authenticate. This means if attackers can access your encrypted password file, they can use the passwords without decrypting them. They simply authenticate by submitting the encrypted version of the password.
-A directory traversal flaw in OpenSSH. A malicious SSH server can exploit this vulnerability to overwrite files in directories it shouldn't have access to.
-A privilege escalation flaw in PPPDialer. Local attackers can exploit a flaw in how PPP components access log files to overwrite system files and elevate their privileges.
-A DoS in QuickTime Streaming Server. A remote attacker can send a specially crafted sequence of packets to your QuickTime Streaming Server and crash it. This server only ships with OS X Server edition.
-A directory traversal flaw in rsync. When rsync runs in daemon mode, attackers can exploit a flaw to gain access to directories they should not have access to.
-Two browser flaws in Safari. Two flaws in Apple's Safari Web browser allow malicious Web sites to crash Safari or carry out a Cross-Site Scripting (XSS) attack.
-A SQL injection flaw in SquirrelMail. A flaw in SquirrelMail allows an attacker to execute unauthorized SQL commands.
-A DoS flaw in tcpdump. A remote attacker can send a specially crafted packet that crashes the tcpdump packet-sniffing service.
-A Denial of Service (DoS) in Apache 2. An attacker can stop your Apache Web server from responding to Web requests. Apache only ships with OS X Server edition and is disabled by default.
-Two privilege escalation vulnerabilities in CoreFoundation. Two technically different flaws allow attackers who already have local accounts to gain elevated privileges on your OS X machines.
-An unauthorized connection flaw in IPSec. A flaw in how IPSec uses certificates can allow an attacker to negotiate an unauthorized IPSec connection. By default, certificates are not enabled for IPSec.
-Buffer overflows in Kerberos. Multiple buffer overflows in Kerberos authentication functions allow attackers to execute code. However, Kerberos is not enabled by default.
-A race condition flaw in lukemftpd. A flaw in the lukemftpd service could allow an attacker with a valid FTP login to either crash your FTP server or execute code. This FTP service is not activated by default.