This update for icinga fixes the following issues:
Update to 1.14.0
- CVE-2015-8010: Fixed XSS in the icinga classic UI (boo#952777)
- CVE-2016-8641 / CVE-2016-10089: fixed a possible symlink attack for
files/dirs created by root (boo#1011630 and boo#1018047)
- CVE-2016-0726: removed the pre-configured administrative account with
fixed password for the WebUI - (boo#961115)