[mnordhoff]

That vulnerability only applies to HVM guests. No doubt there are other reasons to have rebooted since 2013, but if one of Rackspace's servers only has paravirtualized guests (do they use HVM at all? I don't know), they can get by without patching it.

[rgbrenner]

Did you see how many vulnerabilities 659 days covers? I mean, if that one doesn't apply, just go back a bit. How about this one from June 2014:

memory pages that were in use by the hypervisor and are eligible to be allocated to guests weren't being properly cleaned. Such exposure of information would happen through memory pages freshly allocated to or by the guest. ... it is possible for an attacker to obtain modest amounts of in-flight and in-use data, which might contain passwords or cryptographic keys.

http://xenbits.xen.org/xsa/advisory-100.html

[kbar13]

rackspace most likely uses hvm guests. I think they had freebsd before there was xen pv support

[yclept]

Rackspace has both HV and PV for most default linux images