Apple has released Security Update 2010-006, which, at a little less than 2MB, could almost fit on a single floppy disk. (Remember those?)
According to this security document, the update fixes one specific bug in Mac OS X 10.6.4’s AFP file sharing implementation that could allow remote attackers to bypass the password validation system if they know the name of an account on the Mac.
Fortunately, previous versions of Mac OS X are not affected. As of this writing, Apple has not released the same security fix for Mac OS X 10.6 Snow Leopard Server. For now, at least, only client users need the update.