updated 06:20 pm EDT, Thu October 9, 2008
Security Update 2008-007
Apple on Thursday unveiled Security Update 2008-007, resolving numerous holes in the system that mainly allowed for arbitrary code execution, but also pertains to several other vulnerabilities. The Weblog server was patched to fix an issue where users with multiple short names on the access control list would cause the server not to observe access rules properly. Security Update 2008-007 is available for both Mac OS X 10.4.11 Tiger and 10.5.5 Leopard.
Security vulnerabilities in MySQL Server, launchd, the Finder, CUPS, Apache, and QuickLook were also patched, with many others.