Comment 7 for bug 272232

That seems to have fixed it. I changed that entry in /etc/pam.d/common-password like this:

#password [success=1 default=ignore] pam_unix.so obscure sha512
password required pam_unix.so obscure sha512

And now it throws out a better error message for both root and regular users when they fail changing their passwords:

ROOT:
root@ehud:/etc/pam.d# passwd
Enter new UNIX password:
Retype new UNIX password:
Sorry, passwords do not match
passwd: Authentication information cannot be recovered
passwd: password unchanged
root@ehud:/etc/pam.d#

USERX:
userX@ehud:/$ passwd
Changing password for userX.
(current) UNIX password:
Enter new UNIX password:
Retype new UNIX password:
Sorry, passwords do not match
passwd: Authentication information cannot be recovered
passwd: password unchanged
userX@ehud:/$