Apple has released Security Update 2009-004 for Leopard and Tiger (PPC) via their Software Update utility and on the Web. According to the company, this update is recommended for all users and improves the security of Mac OS X. You can learn more about the security contents of this update over here. It should also be noted that previous security updates have been incorporated into this security update. Security Update 2009-004 weighs in at 166MB and requires Mac OS X 10.4.11 or later.
About Security Update 2009-004
Summary
This document describes the security content of Security Update 2009-004, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.
For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.
For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."
Where possible, CVE IDs are used to reference the vulnerabilities for further information.
To learn about other Security Updates, see "Apple Security Updates."
http://support.apple.com/kb/HT1222?viewlocale=en_US
Products Affected
Product Security
Security Update 2009-004
BIND
CVE-ID: CVE-2009-0696
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: A remote attacker may be able to cause the DNS server to unexpectedly terminate
Description: A logic issue in the handling of dynamic DNS update messages may cause an assertion to be triggered. By sending a maliciously crafted update message to the BIND DNS server, a remote attacker may be able to interrupt the BIND service. The issue affects servers which are masters for one or more zones, regardless of whether they accept updates. BIND is included with Mac OS X and Mac OS X Server but it is not enabled by default. This update addresses the issue by properly rejecting messages with a record of type 'ANY' where an assertion would previously have been raised.
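A coarse detection check for the message shape described above, as an added example (not Apple's or ISC's code): it parses a raw DNS message and reports records of type ANY carried in a dynamic update. The function names and sample bytes are constructed for illustration. Type ANY also appears in legitimate RFC 2136 prerequisites, so a hit is a prompt for review, mainly on servers that are not expected to receive updates.

```python
import struct

OPCODE_UPDATE = 5   # dynamic update opcode (RFC 2136)
TYPE_ANY = 255      # record type 'ANY'

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length

def any_records_in_update(msg):
    """Return [(section, index)] for TYPE=ANY records if msg is a DNS UPDATE, else []."""
    if len(msg) < 12:
        return []
    _id, flags, zocount, prcount, upcount, _adcount = struct.unpack("!6H", msg[:12])
    if (flags >> 11) & 0xF != OPCODE_UPDATE:
        return []
    hits, off = [], 12
    try:
        for _ in range(zocount):    # zone section entries: name, type, class
            off = _skip_name(msg, off) + 4
        for section, count in (("prerequisite", prcount), ("update", upcount)):
            for i in range(count):
                off = _skip_name(msg, off)
                rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
                off += 10 + rdlen
                if rtype == TYPE_ANY:
                    hits.append((section, i))
    except (IndexError, struct.error):
        pass                        # truncated message: report what was parsed so far
    return hits

def _name(s):
    """Encode a dotted name in DNS wire format (helper for the constructed samples)."""
    return b"".join(bytes([len(l)]) + l.encode() for l in s.split(".")) + b"\x00"

# Constructed samples: an RFC 2136 "name is in use" prerequisite, and a plain ANY query.
_ZONE = _name("example.test") + struct.pack("!HH", 6, 1)            # SOA, class IN
SAMPLE_UPDATE = (struct.pack("!6H", 0x1234, OPCODE_UPDATE << 11, 1, 1, 0, 0) + _ZONE
                 + _name("host.example.test") + struct.pack("!HHIH", TYPE_ANY, 255, 0, 0))
SAMPLE_QUERY = (struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0)
                + _name("example.test") + struct.pack("!HH", TYPE_ANY, 1))

if __name__ == "__main__":
    print(any_records_in_update(SAMPLE_UPDATE), any_records_in_update(SAMPLE_QUERY))
```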