Updating OS in containers

What is the preferred method to update containers? If I have an application running on CentOS 6.x and a patch is released (ie shellshock), can I stop the container and update that package and rerun it preserving its state?

The preferred method would be to use volumes for persistent data:
https://docs.docker.com/userguide/dockervolumes/

So if you want to update the containers base, just pull the latest image and start a new one.

But there are other options…
see: http://stackoverflow.com/questions/26734402/how-to-upgrade-docker-container-after-its-image-changed