How do I update bash on EOL Ubuntu versions?

Since you do want to keep using an officially unsupported release, your only option is to support it yourself.

I would advise getting the sources for the specific version on Ubuntu (be it 11.0, 12.0 or 13.10) and then applying the same patches that were applied on official packages; for reference, see:

  • http://www.ubuntu.com/usn/usn-2362-1
  • http://www.ubuntu.com/usn/usn-2363-1
  • http://www.ubuntu.com/usn/usn-2363-2

Please note that although the Bash vulnerability is the one that got the most media coverage, there are plenty of other vulnerabilities - almost daily - and you should seriously consider subscribing at least to ubuntu-security-announce so that you are consistently aware of them. This is especially important in your case, since you are using an unsupported release.


Building bash from source is quite straightforward: you need a viable C development environment (gcc, binutils etc.) and the termcap library and headers (the default, but you can use curses instead).

You should at least have a backup of your current bash binary before completing this, and ideally a complete backup or rescue disk. Depending on your OS, bash may be a critical part of your boot scripts! New versions sometimes contain non-backward-compatible changes in behaviour.

The same sequence of steps should work for all versions from bash-2.05b to bash-4.3; just replace "4.3" as appropriate, so you can stick with the same version if needed. Unless you're running the rather antique bash-2.05b, which is vulnerable but no official patch is available, AFAICT. The fix has also been back-ported to 2.05b.

You should double-check the current patch level on the official site, just in case you hit a stale mirror.

mkdir -p /usr/local/src/dist && cd /usr/local/src/dist
wget http://ftpmirror.gnu.org/bash/bash-4.3.tar.gz.sig
wget http://ftpmirror.gnu.org/bash/bash-4.3.tar.gz
wget http://tiswww.case.edu/php/chet/gpgkey.asc      # the maintainer's public key
gpg --import gpgkey.asc
gpg --verify bash-4.3.tar.gz.sig                      # check the tarball's detached signature
cd ..
tar xzvf dist/bash-4.3.tar.gz
cd bash-4.3
mkdir patches && cd patches
wget -r --no-parent --accept "bash43-*" -nH -nd \
  ftp.heanet.ie/mirrors/gnu/bash/bash-4.3-patches/     # Use a local mirror, see note 1
echo *sig | xargs -n 1 gpg --verify --quiet            # see note 2

cd ..
echo patches/bash43-0?? | xargs -n 1 patch -p0 -i      # see note 3 below

# configure options: see notes 4 and 5
./configure --prefix=/usr --bindir=/bin \
        --docdir=/usr/share/doc/bash-4.3 \
        --without-bash-malloc \
        --with-installed-readline

make
make test && make install   # see note 6

Notes:

  1. Use a local mirror for patches; ftpmirror.gnu.org returns a redirect to one, but this doesn't work with the -r option to download the entire directory.
  2. (for the tinfoil hats) gpg doesn't set a useful error code, and doesn't complain very loudly if verification fails; look for the string "BAD" in the (copious) output.
  3. There are currently 25 27 30 patches for bash-4.3; 25—30 address CVE-2014-6271 and subsequent related issues. There may still be more patches to address this issue! You may receive patch warnings like "Ignoring potentially dangerous file name ../bash-4.3/patchlevel.h"; these should be harmless. Check that patchlevel.h contains the line #define PATCHLEVEL ... with the expected patch level.
  4. The configure options change the default of /usr/local/; this means make install should overwrite your current bash.
  5. --without-bash-malloc selects the libc malloc, rather than a faster (slightly more wasteful) internal implementation. This might affect you if you use loadable bash modules, as it can cause an incompatibility, but not many people use this feature. The package for this is probably called bash-builtins.
  6. make test will take some time. You must be root to complete make install (it's often considered bad practice to compile software as root).
  7. Ubuntu, being Debian-derived, probably uses the same extra patches that Debian does; see here for example. These patches may contain features that you use. If you apply the patch to the Debian source tree, see the debian/README file for more details.
  8. One more bear-trap: you may also have a static-bash binary, which you should also rebuild. To do this, restart from the "./configure ..." step, adding --enable-static-link.

See also, the bash build in Linux From Scratch. The OSS-SEC list is a good place to watch for patches and the current status.
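Notes 2 and 3 above leave two things to be checked by eye: whether every signature in the patches directory really verified, and whether patchlevel.h ends up advertising the number of patches that were applied. The following is an added example, not code from the answer or from the bash project, that turns both checks into functions with a usable exit status so a build script can stop on a bad signature or a patch-level mismatch. It assumes gpg's --status-fd machine-readable output (GOODSIG, BADSIG, ERRSIG, NO_PUBKEY and so on), patch files named bash43-NNN as in the answer, and a patchlevel.h line of the form #define PATCHLEVEL N; the demo at the end builds a throwaway directory with constructed files rather than touching a real source tree.

```shell
#!/bin/sh
# Added example (not code from the answer above): the checks from notes 2 and 3
# as functions that return a real exit status.
# Assumed: gpg supports --status-fd; patches are named bash43-NNN; patchlevel.h
# carries "#define PATCHLEVEL N".

# Inspect gpg's machine-readable status lines (gpg --status-fd 1 --verify ...).
# Returns 0 only if a GOODSIG/VALIDSIG line is present and no BADSIG, ERRSIG,
# NO_PUBKEY, EXPKEYSIG or REVKEYSIG line is, however quiet gpg was otherwise.
gpg_status_ok() {
    printf '%s\n' "$1" | grep -Eq '^\[GNUPG:\] (BADSIG|ERRSIG|NO_PUBKEY|EXPKEYSIG|REVKEYSIG)' && return 1
    printf '%s\n' "$1" | grep -Eq '^\[GNUPG:\] (GOODSIG|VALIDSIG)'
}

# Verify every detached *.sig in a directory against the file beside it
# (gpg infers the signed file by dropping the .sig suffix).  Returns 0 only
# when every signature checks out; the signing key must already be imported.
verify_sigs_dir() {
    rc=0
    for sig in "$1"/*.sig; do
        [ -e "$sig" ] || { echo "no .sig files in $1" >&2; return 1; }
        status=$(gpg --status-fd 1 --verify "$sig" 2>/dev/null || true)
        if gpg_status_ok "$status"; then
            echo "ok:  $sig"
        else
            echo "BAD: $sig" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Count the bash43-NNN patch files present (their .sig files are not counted).
count_patches() {
    n=0
    for p in "$1"/bash43-[0-9][0-9][0-9]; do
        [ -e "$p" ] && n=$((n + 1))
    done
    echo "$n"
}

# Print N from the "#define PATCHLEVEL N" line of a patchlevel.h.
read_patchlevel() {
    sed -n 's/^#define[[:space:]]*PATCHLEVEL[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1"
}

# 0 iff patchlevel.h advertises exactly the number of patches we applied.
patchlevel_matches() {
    [ "$(read_patchlevel "$1")" = "$2" ]
}

# Self-contained demo on a constructed tree: a patchlevel.h claiming level $1
# next to $2 empty bash43-NNN files.  Returns 0 when the two agree.
demo_patchlevel_check() {
    d=$(mktemp -d)
    printf '#define PATCHLEVEL %s\n' "$1" > "$d/patchlevel.h"
    i=1
    while [ "$i" -le "$2" ]; do
        : > "$d/bash43-$(printf '%03d' "$i")"
        i=$((i + 1))
    done
    if patchlevel_matches "$d/patchlevel.h" "$(count_patches "$d")"; then r=0; else r=1; fi
    rm -rf "$d"
    return "$r"
}

demo_patchlevel_check 30 30 && echo "patchlevel.h agrees with 30 applied patches"
# Real use, run inside bash-4.3 after the patch step in the answer:
#   verify_sigs_dir patches && patchlevel_matches patchlevel.h "$(count_patches patches)"
```

The status-line check avoids the problem note 2 describes: rather than grepping the human-readable output for "BAD", it looks for the GOODSIG or VALIDSIG record and treats a missing key or an expired or revoked key as a failure too, which a plain "no BAD string" search would let through.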


Short answer for quantal (Ubuntu 12.10): Download and install the bash package from the precise repository.

Walkthrough

For quantal (Ubuntu 12.10), I searched for bash packages from nearby releases. I downloaded packages for raring and precise.

Before getting started, I made a backup of my existing bash package, so I could hopefully recover my system if the fresh install failed. (Requires the dpkg-repack package.)

$ dpkg-repack bash

Although I probably should have just copied the executable /bin/bash to /root/bash.vulnerable, since that would be easier to restore in an emergency.

Raring

First I tried the package from raring:

$ dpkg -i bash_4.2-5ubuntu3_i386.deb

But that tested as still vulnerable!

Precise

So then I tried the package from precise:

$ dpkg -i bash_4.2-2ubuntu2.6_i386.deb

That tested as safe, using the bashcheck script.

Testing /bin/bash ...
GNU bash, version 4.2.25(1)-release (i686-pc-linux-gnu)

Variable function parser pre/suffixed [%%, upstream], bugs not exploitable
Not vulnerable to CVE-2014-6271 (original shellshock)
Not vulnerable to CVE-2014-7169 (taviso bug)
Not vulnerable to CVE-2014-7186 (redir_stack bug)
Test for CVE-2014-7187 not reliable without address sanitizer
Not vulnerable to CVE-2014-6277 (lcamtuf bug #1)
Not vulnerable to CVE-2014-6278 (lcamtuf bug #2)

But I really wish I had installed an LTS release. I still plan to do an upgrade when I have time...
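The answer above judges the bashcheck output by reading it. When the same check is repeated across a fleet of unsupported machines, it is more reliable to gate on the output mechanically. The following is an added example, not part of the answer and not the bashcheck script itself: it parses bashcheck-style report lines and fails only when a line reports "Vulnerable to"; lines bashcheck itself marks as unreliable are reported separately rather than counted either way. The sample report is constructed to match the format quoted above, with one line flipped to "Vulnerable" so the failing path is exercised; it is not a real scan result.

```shell
#!/bin/sh
# Added example (not from the answer above): gate on bashcheck's output instead
# of reading it by eye.  The report below is constructed; one line is changed
# to "Vulnerable" on purpose so the failing path is exercised.
SAMPLE_REPORT='Testing /bin/bash ...
GNU bash, version 4.2.25(1)-release (i686-pc-linux-gnu)

Variable function parser pre/suffixed [%%, upstream], bugs not exploitable
Not vulnerable to CVE-2014-6271 (original shellshock)
Vulnerable to CVE-2014-7169 (taviso bug)
Not vulnerable to CVE-2014-7186 (redir_stack bug)
Test for CVE-2014-7187 not reliable without address sanitizer
Not vulnerable to CVE-2014-6277 (lcamtuf bug #1)
Not vulnerable to CVE-2014-6278 (lcamtuf bug #2)'

# CVE ids reported as "Vulnerable to" (capital V, so "Not vulnerable" never
# matches).  Matching anywhere in the line tolerates the colour escape that
# bashcheck prints in front of the word.
vulnerable_cves() {
    printf '%s\n' "$1" | sed -n 's/.*Vulnerable to \(CVE-[0-9][0-9]*-[0-9][0-9]*\).*/\1/p'
}

# CVE ids whose test bashcheck itself flagged as unreliable.
inconclusive_cves() {
    printf '%s\n' "$1" | sed -n 's/.*Test for \(CVE-[0-9][0-9]*-[0-9][0-9]*\) not reliable.*/\1/p'
}

# 0 only when nothing was reported vulnerable.  Inconclusive tests are listed
# on stderr so they are not forgotten, but they do not fail the gate.
report_passed() {
    bad=$(vulnerable_cves "$1")
    inconclusive_cves "$1" | sed 's/^/inconclusive: /' >&2
    [ -z "$bad" ] || { printf '%s\n' "$bad" | sed 's/^/VULNERABLE: /' >&2; return 1; }
}

# Typical use: bashcheck_output=$(./bashcheck 2>&1); report_passed "$bashcheck_output"
report_passed "$SAMPLE_REPORT" && echo "bash passed" || echo "bash FAILED bashcheck"
```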