VMware updated Security Advisory VMSA-2009-0004.1 and released 4 new patches:
VMware ESX 3.5, Patch ESX350-200904402-SG: Updates ESX Scripts <- This one also corrects the need to rescan storage twice with Qlogic HBA’s!
VMware ESX 3.5, Patch ESX350-200904406-SG: Updates vim-common, vim-minimal RPMs
VMware ESX 3.5, Patch ESX350-200904407-SG: Security Update to BIND
VMware ESX 3.5, Patch ESX350-200904408-SG: Security Update to the openssl Package
The KB articles referenced above state that none of these updates require VM or Host shutdown. The updated advisory includes references to ESX 3.0.3, 3.0.2 and 2.5, but no new patches have been released for these versions since April, 10, 2009.
You can subscribe to VMware Security announcments here: http://lists.vmware.com/mailman/listinfo/security-announce