by cvuletich 4127 days ago
See ya later uptime...

04:49:58 up 659 days

3 comments

Your server is vulnerable to a number of Xen security vulnerabilities: http://xenbits.xen.org/xsa/

Including this one from Oct 1, 2014 that allows guests to read up to 3KB of memory from the hypervisor or other guests:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7188

http://threatpost.com/serious-hypervisor-bug-fix-causes-unex...

That vulnerability only applies to HVM guests. No doubt there are other reasons to have rebooted since 2013, but if one of Rackspace's servers only has paravirtualized guests (do they use HVM at all? I don't know), they can get by without patching it.

Did you see how many vulnerabilities 659 days covers? I mean, if that one doesn't apply, just go back a bit. How about this one from June 2014:

memory pages that were in use by the hypervisor and are eligible to be allocated to guests weren't being properly cleaned. Such exposure of information would happen through memory pages freshly allocated to or by the guest. ... it is possible for an attacker to obtain modest amounts of in-flight and in-use data, which might contain passwords or cryptographic keys.

http://xenbits.xen.org/xsa/advisory-100.html

Rackspace most likely uses HVM guests. I think they had FreeBSD before there was Xen PV support.

Rackspace has both HV and PV for most default Linux images.

Yeah. I had one server with over 900 days prior to Oct. It probably should have been rebooted for other reasons, but that's the one that forced it.

Is that a guest or a host? If it's a guest, there shouldn't be a need for a reboot, only suspend/resume... (Note that a reboot can be a good idea from time to time, just to make sure the current configuration (e.g. post kernel upgrades, before reboot) actually boots.)

Ouch! Might I ask what datacentre you're using?

I had something similar at Linode London.