diff --git a/procps-ng.spec b/procps-ng.spec
index d9e31f3..7caea5d 100644
--- a/procps-ng.spec
+++ b/procps-ng.spec
@@ -15,6 +15,7 @@ Patch0: vmstat-wide-not-wide-enough.patch
 Patch1: ksh-skip-trailing-zeros.patch
 Patch2: vmstat-timestamps.patch
 Patch3: watch-fd-leak.patch
+Patch4: vmstat-format-security.patch
 
 Requires(post): /sbin/ldconfig
 Requires(postun): /sbin/ldconfig
@@ -82,6 +83,7 @@ System and process monitoring utilities development headers
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
+%patch4 -p1
 
 
 %build
@@ -154,6 +156,7 @@ ln -s %{_bindir}/pidof %{buildroot}%{_sbindir}/pidof
 * Wed Feb 05 2014 Jaromir Capik <jcapik@redhat.com> - 3.3.9-5
 - Support for timestamps & wide diskstat (#1053428, #1025833)
 - Fixing fd leak in watch
+- Fixing format-security build issues
 
 * Fri Jan 24 2014 Jaromir Capik <jcapik@redhat.com> - 3.3.9-4
 - Skipping trailing zeros in read_unvectored (#1057600)
diff --git a/vmstat-format-security.patch b/vmstat-format-security.patch
new file mode 100644
index 0000000..68bcef7
--- /dev/null
+++ b/vmstat-format-security.patch
@@ -0,0 +1,29 @@
+diff -Naur procps-ng-3.3.9.orig/vmstat.c procps-ng-3.3.9/vmstat.c
+--- procps-ng-3.3.9.orig/vmstat.c	2014-02-05 12:55:02.000000000 +0100
++++ procps-ng-3.3.9/vmstat.c	2014-02-05 16:58:35.786000000 +0100
+@@ -204,10 +204,10 @@
+ 	    "%2s %2s %12s %12s %12s %12s %4s %4s %5s %5s %4s %4s %3s %3s %3s %3s %3s";
+ 
+ 
+-	printf(w_option ? wide_header : header);
++	printf("%s", w_option ? wide_header : header);
+ 
+ 	if (t_option) {
+-		printf(timestamp_header);
++		printf("%s", timestamp_header);
+ 	}
+ 
+ 	printf("\n");
+@@ -528,10 +528,10 @@
+ 	const char wide_format[] =
+ 	    "%5s %9s %9s %11s %11s %9s %9s %11s %11s %7s %7s";
+ 
+-	printf(w_option ? wide_header : header);
++	printf("%s", w_option ? wide_header : header);
+ 
+ 	if (t_option) {
+-		printf(timestamp_header);
++		printf("%s", timestamp_header);
+ 	}
+ 
+ 	printf("\n");