Description
This update changes the broken default behavior of
pam_pwhistory to not enforce checks when the root user
requests password changes. In order to enforce pwhistory
checks on the root user, the "enforce_for_root" parameter
needs to be set for the pam_pwhistory.so module.
This pam update fixes the following security and
non-security issues:
* bnc#870433: Fixed pam_timestamp path injection
problem (CVE-2014-2583) * bnc#848417: Fixed pam_pwhistory root password enforcement when resetting non-root user's password