Malformed-file vulnerabilities (which can cause crashes or allow the execution of arbitrary code) are prominent, with fixes in ColorSync, CoreGraphics (for the malformed PDF exploit from MoAB), Disk Image handling (multiple flaws, some of which appeared in MoAB or MoKB), ImageIO (malformed GIF and RAW images), QuickDraw (PICT images), and Software Update (MoAB again).
The CrashReporter privilege escalation vulnerability (another MoAB issue) has been fixed, and the printer initialisation process no longer provides an opportunity for a malicious user to create or overwrite arbitrary files.
CUPS (denial of service attack), Directory Services ("An implementation flaw in DirectoryService allows an unprivileged LDAP user to change the local root password"), a pair of AppleTalk issues (identified during MoKB and MoAB), Server Manager (flawed user validation), and an Apple-specific Samba module (buffer overflow vulnerability) have all been updated.
IOKit has been changed to prevent one logged-in user from capturing another's keystrokes.
Kernel changes reduce the risk of deliberately caused kernel panics, privilege elevation, and denials of service (more MoKB issues).
Some non-Apple security updates are part of the package, namely Adobe Flash Player 22.214.171.124, GNU Tar 1.16.1 (archiving utility), MySQL Server 4.1.22, OpenSSH 4.5, sudo 1.6.8p12, and Blojsom (Mac OS X Server only).
What about Mac OS X Server?