Is armory safe to REUSE the same offline bitcoin address with regards to recent SSL library linux issues and transaction malleability?
Address reuse is not affected by transaction malleability.
The SSL issue is a valid reason to avoid reusing addresses. (Specifically, to minimise the number of times you spend from an address - you can pay into it as many times as you want.) However, it's arguably less of a danger than key loggers. Either way, if the transaction signing is done by an offline Armory wallet, it will be difficult for an attacker to get their malware onto the same machine, and then difficult to get the leaked key information off so they can use it. Basically, this attack is another reason to use Armory offline wallets.
I don't think Armory does anything to encourage address reuse anyway. It has a checkbox for "Use an existing address for change", but it's unchecked by default.
If armory users are not to reuse the address, do they need to create a new wallet?
No. Each wallet manages multiple addresses.
Offline you create an address, how do you know the future address?
The wallet will create new addresses in a deterministic way, so paying-in addresses for an offline wallet will be the same as those generated by its watch-only online version. So avoiding reuse is usually as convenient as allowing it.
Reusing the initial address is very convenient.
It can be, if you need a stable address to publish. Vanity addresses also get reused a lot. In those cases you don't much care about privacy anyway. If you need to reuse an address, feel free to do so.
Note that you can pay into an address as many times as you like without issue. It's only when you spend from it that the SSL attack comes into play, and even then it needs a lot of spends.
Also ELI5 why is a bad idea to reuse the address apart from privacy maybe?
Privacy and security.
The privacy can be over-rated. In practice, all the inputs and one of the outputs for a given transaction probably come from the same wallet. Knowing this, an attacker can link addresses together even if they are "new". To get reliable privacy requires more knowledge and effort than is usually worthwhile. On the other hand, why make it easy for anyone?
The usual security reason given is that paying into an address only releases a hash of its public key, and paying out reveals the public key itself. Revealing the public key gives an attacker a theoretical advantage. In practice not enough to matter, but again, why make it easier?