Security Update 2010-007 (Leopard and Leopard Server)
The just-released Mac OS X 10.6.5 includes numerous security fixes that are also relevant to Mac OS X 10.5.8 Leopard and Leopard Server. For you Leopard users out there, Apple has now released Security Update 2010-007 Leopard Client and Security Update 2010-007 Leopard Server to address 32 vulnerabilities spread throughout the operating system. You can read the details on Apple’s Web site.
Flash Player merits special attention, since Apple’s inclusion of version 10.1.102.64 addresses 56 different vulnerabilities since the previously shipped version. That’s somewhat deceptive, since Mac OS X 10.6.4 shipped with Flash Player 10.0.45.2 even when 10.1.53.64 was current with fixes for numerous security holes. In short, don’t depend on Apple to provide the latest version of Flash Player; it’s a huge target for security exploits and Adobe is constantly releasing new versions to address significant problems.
Four of the security changes are specific to Mac OS X Server 10.5.8, notably fixes to Password Server and Wiki Server, and new versions of MySQL and PHP.
Security Update 2010-007 is most easily downloaded via Software Update, but standalone installers are also available via the links above. (Free, 240.74 MB for Mac OS X 10.5 Leopard, 448.10 MB for Leopard Server)
SL Server version of pulled. CNET has a report on it which I can't seem to reference here.
I commented on Apple pulling Mac OS X Server 10.6.5 over on that article, but as far as I can tell, Security Update 2010-007 for Leopard Server remains available.
(With regard to URLs, you can always enter straight URLs here, but no HTML.)
I just received Apple's announcement "APPLE-SA-2010-11-15-1 Mac OS X Server v10.6.5 (10H575)" and it has been re-posted to the Apple Support Download page, still dated Nov 10 as if nothing had happened. It was missing for most of the weekend.