Apple has released a security update for OS X 10.6 and OS X 10.5 machines, which addresses a number of security holes for both the client and server versions of OS X. For both the client and server versions, the update fixes several problems that could lead to arbitrary code execution.
The specific services fixed are CoreGraphics, Apple Type Services, PHP, and libsecurity (certificate host name resolution), as well as Samba. The majority of the exploits are buffer overflows that could result in arbitrary code execution.
It is highly recommended that you apply these updates to your system, but be sure before you do so that you have your system fully backed up in a manner that makes a system restore easy.
The update is approximately 84MB in size and will require a system restart once applied. It is available through Software Update, but also can be downloaded from the following Web pages:
For the details on the security holes that were addressed with this update, see this Apple Knowledgebase document.