VMWare has issued a security advisory (VMSA-2014-0004) listing which of their products are affected by the Heartbleed vulnerability. The advisory also announced one patch that has been released.
A long list of products are listed as affected: vCenter Server, ESXi, VMware Fusion, NSX-MH, NSX-V, NVP, Horizon Mirage Edge Gateway, Horizon View Feature Pack, Horizon View Client, Horizon Workspace Server, Horizon Workspace Client, Horizon Workspace for Macintosh, Horizon Workspace for Windows , OVF Tool, vCloud Networking and Security and vCloud Automation Center (vCAC). Of these, a patch has been released only for Horizon Workspace Server.
An earlier VMWare knowledge base article had listed the affected products, as well as a long list of unaffected VMWare products and services, plus one service — Socialcast — which was patched several days ago.
Users of Horizon Workspace Server 1.0 are advised to upgrade to version 1.5 and to apply the patch horizon-nginx-rpm-184.108.40.206-1736237.x86_64. Version 1.5 users should apply the same patch. Users of version 1.8 should apply horizon-nginx-rpm-220.127.116.110-1736201.x86_64.
The advisory also mentions another, lesser vulnerability in one implementation of OpenSSL which is fixed in the new version without specifically saying if VMWare is affected by it.