APPLE-SA-2009-11-09-1 Security Update 2009-006 / Mac OS X v10.6.2
Monday, November 9, 2009 at 10:56PM
drStrangeP0rk in Apple, Client, Mac OSX 10.5, Mac OSX 10.6, Server, Software Update, Updates

Apple has released a security update that addresses a large set of CVE IDs, including: AFP memory corruption, an adaptive firewall dictionary-attack detection issue, Apache updates, Apple Type Services, Certificate Assistant, CoreGraphics, CoreMedia, DirectoryService, CUPS, Disk Images, Dovecot, fetchmail, Event Monitor, file, FTP Server, ImageIO, Help Viewer, IOKit, UCCompareTextDefault, IPSec, Kernel, Launch Services, libxml, libsecurity, OpenLDAP, OpenSSH, PHP, QuickDraw Manager, QuickLook, QuickTime, FreeRADIUS, Login Window (guest account issues), Screen Sharing, Subversion and Spotlight. It is recommended that the update be applied via Software Update.

The complete update package for Mac OS X Server is approximately 524 MB.

 

Update on Tuesday, November 10, 2009 at 08:42AM by drStrangeP0rk

Some of the major issues fixed include the following:

Adaptive Firewall - A brute-force or dictionary attack may go undetected by the adaptive firewall, because it does not recognise SSH login attempts that use an invalid user name. Detection of these events and the generation of temporary blocking rules are improved.
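To see why the missing "invalid user" case matters, here is an added example (written for this post, not Apple's adaptive firewall code) that runs a sliding-window brute-force detector over constructed sshd syslog lines. The `count_invalid_users` switch reproduces the pre-fix behaviour: with it off, an attacker who only guesses non-existent user names is never counted. Host name `srv`, the IPs, user names and the 2009 year assumed for syslog timestamps are all made up.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of OpenSSH syslog lines (not a real capture).
# syslog timestamps carry no year, so 2009 is assumed when parsing.
SAMPLE_SSHD_LOG = """\
Nov 10 08:30:12 srv sshd[401]: Failed password for admin from 198.51.100.4 port 50122 ssh2
Nov 10 08:35:40 srv sshd[402]: Accepted password for admin from 198.51.100.4 port 50130 ssh2
Nov 10 08:41:59 srv sshd[510]: Invalid user oracle from 203.0.113.7
Nov 10 08:41:59 srv sshd[510]: Failed password for invalid user oracle from 203.0.113.7 port 40001 ssh2
Nov 10 08:42:00 srv sshd[511]: Invalid user test from 203.0.113.7
Nov 10 08:42:00 srv sshd[511]: Failed password for invalid user test from 203.0.113.7 port 40002 ssh2
Nov 10 08:42:01 srv sshd[512]: Invalid user guest from 203.0.113.7
Nov 10 08:42:01 srv sshd[512]: Failed password for invalid user guest from 203.0.113.7 port 40003 ssh2
Nov 10 08:42:02 srv sshd[513]: Invalid user postgres from 203.0.113.7
Nov 10 08:42:02 srv sshd[513]: Failed password for invalid user postgres from 203.0.113.7 port 40004 ssh2
Nov 10 08:42:03 srv sshd[514]: Invalid user mysql from 203.0.113.7
Nov 10 08:42:03 srv sshd[514]: Failed password for invalid user mysql from 203.0.113.7 port 40005 ssh2
Nov 10 08:42:04 srv sshd[515]: Invalid user ftp from 203.0.113.7
Nov 10 08:42:04 srv sshd[515]: Failed password for invalid user ftp from 203.0.113.7 port 40006 ssh2
Nov 10 08:42:05 srv sshd[516]: Failed password for root from 203.0.113.7 port 40007 ssh2
Nov 10 08:50:03 srv sshd[602]: Failed password for admin from 198.51.100.4 port 50140 ssh2
"""

# Only "Failed password" lines are counted; the separate "Invalid user" line
# sshd logs for the same attempt is ignored so attempts are not counted twice.
FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[0-9.]+) port \d+ ssh2$"
)


def parse_syslog_time(stamp, year=2009):
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")


def failed_logins(lines, count_invalid_users=True):
    """Map source IP -> sorted failure timestamps.

    count_invalid_users=False mimics the pre-fix firewall, which skipped
    attempts against user names that do not exist on the host.
    """
    attempts = defaultdict(list)
    for line in lines:
        m = FAILED_RE.match(line.rstrip("\n"))
        if not m:
            continue
        if m.group("invalid") and not count_invalid_users:
            continue
        attempts[m.group("ip")].append(parse_syslog_time(m.group("ts")))
    for times in attempts.values():
        times.sort()
    return attempts


def detect_brute_force(lines, threshold=5, window_seconds=60,
                       count_invalid_users=True):
    """Return {ip: total_failures} for every source that produced at least
    `threshold` failures inside any `window_seconds` window."""
    flagged = {}
    for ip, times in failed_logins(lines, count_invalid_users).items():
        start = 0
        for end in range(len(times)):
            # Slide the window start forward until it spans <= window_seconds.
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = len(times)
                break
    return flagged


if __name__ == "__main__":
    lines = SAMPLE_SSHD_LOG.splitlines()
    print("pre-fix (invalid users ignored):", detect_brute_force(lines, count_invalid_users=False))
    print("post-fix (all failures counted):", detect_brute_force(lines))
```

With the sample above the attacker at 203.0.113.7 makes seven failures in six seconds, but six of them are against non-existent accounts; the pre-fix view sees a single failure and flags nothing. The thresholds are illustrative, not the values the adaptive firewall uses.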

Apache - Several Apache CVEs are addressed: Apache is updated to version 2.2.13, the HTTP TRACE method is disabled by default, and the Apache Portable Runtime is updated to 1.3.8. See http://apache.org/ for more information.
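TRACE is the method behind cross-site tracing: the server echoes the request, headers included, back in the body. The added example below (written for this post, not from Apache or Apple) shows how to confirm the new default on a server you administer: send a TRACE with a marker header and classify the reply. An Apache with `TraceEnable off` answers 405; one with TRACE still on reflects the marker. The `X-Trace-Probe` header and the two canned responses are constructed for the demonstration.

```python
import socket

MARKER = b"X-Trace-Probe: xst-check"  # hypothetical header; only we send it


def build_trace_request(host, path="/"):
    """Raw HTTP/1.1 TRACE request carrying the marker header."""
    return (f"TRACE {path} HTTP/1.1\r\nHost: {host}\r\n"
            f"{MARKER.decode()}\r\nConnection: close\r\n\r\n").encode()


def classify_trace_response(raw):
    """Return 'enabled', 'disabled' or 'unknown' for a raw HTTP response."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].split()
    if len(parts) < 2 or not parts[1].isdigit():
        return "unknown"
    status = int(parts[1])
    # A real reflection: 200 plus our own request line and marker in the body.
    if status == 200 and body.lstrip().startswith(b"TRACE ") and MARKER in body:
        return "enabled"
    # TraceEnable off yields 405; proxies and other servers may use 501 or 403.
    if status in (403, 405, 501):
        return "disabled"
    return "unknown"


def check_trace(host, port=80, timeout=5.0):
    """Live check against a host you are authorised to test."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_trace_request(host))
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    return classify_trace_response(b"".join(chunks))


# Constructed responses standing in for the two server states.
ENABLED_RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: message/http\r\n\r\n"
                    b"TRACE / HTTP/1.1\r\nHost: www.example\r\n" + MARKER + b"\r\n\r\n")
DISABLED_RESPONSE = b"HTTP/1.1 405 Method Not Allowed\r\nAllow: GET,HEAD,POST\r\n\r\n"

if __name__ == "__main__":
    print("reflecting server :", classify_trace_response(ENABLED_RESPONSE))
    print("TraceEnable off   :", classify_trace_response(DISABLED_RESPONSE))
```

The check requires the marker to come back in the body rather than trusting the 200 alone, because a catch-all handler can answer 200 to anything without reflecting the request.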

Certificate Assistant - Handling of SSL certificates whose Common Name field contains a NUL character is improved. In addition, libsecurity now refuses the MD2 hash for X.509 certificate signatures unless the certificate is a trusted root. Administrators should recreate any MD2-signed certificates with SHA-1 (SHA-1 has itself since been deprecated for certificate signatures, so on a current system use SHA-256).

OpenSSH - Updated to 5.2p1; release notes at http://www.openssh.org/txt/release-5.2

OpenLDAP - An attacker in a privileged network position could mount a man-in-the-middle attack against an LDAP connection even when SSL is used, because a NUL character in a certificate's Common Name field was not handled correctly; this is the same Common Name issue addressed in Certificate Assistant, and the handling of such certificates is improved. Several OpenLDAP patches are also applied to prevent denial of service and malicious code execution. See http://www.openldap.org/ for more information.
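The NUL-in-Common-Name issue behind both the Certificate Assistant and OpenLDAP items, plus the MD2 policy, as one added example (written for this post; not Apple's libsecurity or OpenLDAP code). A minimal DER walker extracts the CommonName from an X.509 Name and the OID from an AlgorithmIdentifier; `cstring_common_name` shows what a C-string consumer sees when the CN is `www.bank.example\0.attacker.example`, and `hostname_matches` shows the hardened check. The host names and the fixtures are constructed; the OIDs are the standard ones.

```python
# Minimal DER helpers: enough to build and walk an X.509 Name and an
# AlgorithmIdentifier.  Written for this post, not from any library.

OID_COMMON_NAME = "2.5.4.3"
OID_MD2_RSA = "1.2.840.113549.1.1.2"      # md2WithRSAEncryption
OID_SHA256_RSA = "1.2.840.113549.1.1.11"  # sha256WithRSAEncryption


def der(tag, content):
    """Encode one TLV with a definite (short or long form) length."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + content


def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append((arc & 0x7F) | 0x80)
            arc >>= 7
        out += bytes(reversed(chunk))
    return bytes(out)


def read_tlv(buf, pos=0):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def children(content):
    items, pos = [], 0
    while pos < len(content):
        tag, value, pos = read_tlv(content, pos)
        items.append((tag, value))
    return items


def decode_oid(raw):
    arcs, acc = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def build_name(cn):
    """Name ::= SEQUENCE OF SET OF SEQUENCE { OID, UTF8String }."""
    attr = der(0x30, der(0x06, encode_oid(OID_COMMON_NAME)) + der(0x0C, cn))
    return der(0x30, der(0x31, attr))


def common_names(name_der):
    """Every CommonName value as raw bytes, NULs included."""
    _, rdn_seq, _ = read_tlv(name_der)
    found = []
    for _, rdn in children(rdn_seq):
        for _, attr in children(rdn):
            (_, oid), (_, value) = children(attr)
            if decode_oid(oid) == OID_COMMON_NAME:
                found.append(value)
    return found


def cstring_common_name(name_der):
    """The flawed view: a C-string consumer stops at the first NUL."""
    return common_names(name_der)[0].split(b"\x00", 1)[0].decode()


def has_embedded_nul(name_der):
    return any(b"\x00" in cn for cn in common_names(name_der))


def hostname_matches(name_der, host):
    """Hardened check: any NUL inside the CN is a hard failure."""
    if has_embedded_nul(name_der):
        return False
    return any(cn.decode("utf-8") == host for cn in common_names(name_der))


def signature_algorithm_ok(alg_id_der, is_trusted_root=False):
    """Mirror the update's policy: MD2 is refused unless the cert is a trusted root.
    A current policy would also refuse MD5 and SHA-1 here."""
    _, content, _ = read_tlv(alg_id_der)
    (_, oid), *_ = children(content)
    if decode_oid(oid) == OID_MD2_RSA:
        return is_trusted_root
    return True


# Constructed fixtures
HONEST_NAME = build_name(b"www.bank.example")
SPOOFED_NAME = build_name(b"www.bank.example\x00.attacker.example")
MD2_ALG = der(0x30, der(0x06, encode_oid(OID_MD2_RSA)) + der(0x05, b""))
SHA256_ALG = der(0x30, der(0x06, encode_oid(OID_SHA256_RSA)) + der(0x05, b""))

if __name__ == "__main__":
    print("C-string view of spoofed CN:", cstring_common_name(SPOOFED_NAME))
    print("hardened match:", hostname_matches(SPOOFED_NAME, "www.bank.example"))
    print("MD2 accepted:", signature_algorithm_ok(MD2_ALG))
```

A CA that validates only the part of the CN after the NUL would issue the spoofed certificate to whoever controls attacker.example, while a client that truncates at the NUL accepts it for www.bank.example; rejecting the NUL outright, rather than trying to interpret it, is what closes the gap.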

Login Window - The guest account issues have been addressed in 10.6.x with improved credential handling.

IPSec - Several vulnerabilities in the racoon daemon (the IKE daemon that negotiates IPSec keys) are mitigated by applying ipsec-tools patches. https://trac.ipsec-tools.net/ is worth a look; make sure you understand IPSec, since a misconfiguration is far more dangerous than not using it at all.

Subversion - Several heap buffer overflows are addressed by updating Subversion to 1.6.5.

 

Article originally appeared on magmatic.com (http://www.magmatic.com/).
See website for complete article licensing information.